CVE-2015-5069

NameCVE-2015-5069
DescriptionThe (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-297-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wesnoth-1.10 (PTS)wheezy1:1.10.3-3+deb7u2fixed
wheezy (security)1:1.10.3-3+deb7u1vulnerable
jessie1:1.10.7-2+deb8u1fixed
wesnoth-1.12 (PTS)buster, sid, stretch1:1.12.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wesnoth-1.10source(unstable)(unfixed)medium
wesnoth-1.10sourcejessie1:1.10.7-2+deb8u1medium
wesnoth-1.10sourcewheezy1:1.10.3-3+deb7u2medium
wesnoth-1.12source(unstable)1:1.12.4-1medium
wesnoth-1.13unknownexperimental1:1.13.1-1medium
wesnoth-1.8source(unstable)(unfixed)medium
wesnoth-1.8sourcesqueeze1:1.8.5-1+deb6u2mediumDLA-297-1

Notes

https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d

Search for package or bug name: Reporting problems