CVE-2015-0844

NameCVE-2015-0844
DescriptionThe WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-202-1, DSA-3218-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wesnoth-1.10 (PTS)jessie1:1.10.7-2+deb8u1fixed
wesnoth-1.12 (PTS)stretch1:1.12.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wesnoth-1.10source(unstable)1:1.10.7-2medium
wesnoth-1.10sourcewheezy1:1.10.3-3+deb7u1mediumDSA-3218-1
wesnoth-1.12source(unstable)1:1.12.2-1medium
wesnoth-1.8source(unstable)(unfixed)medium
wesnoth-1.8sourcesqueeze1:1.8.5-1+deb6u1mediumDLA-202-1
Search for package or bug name: Reporting problems