
[Backports-security-announce] Security Update for wesnoth



Gerfried Fuchs uploaded new packages for wesnoth which fixed the
following security problems:

CVE-2009-0367

  It was possible to circumvent the sandbox implementation for the
  Python AIs, allowing arbitrary Python code to be executed on the
  client's machine. Please note that the official servers never had such
  malicious code and were patched to not accept any Python code anymore.

CVE-2009-0366

  Through the gzip compression it was possible to send a rather small
  compressed map to a server, which expanded it in memory, resulting in
  memory exhaustion and a possible crash.

For the etch-backports distribution the problems have been fixed in
version 1:1.4.4-2+lenny1~bpo40+1.

For the lenny-backports distribution the problems have been fixed in
version 1:1.4.7-4~bpo50+1.

For the sid distribution the problems have been fixed in version
1:1.4.7-4.

Please note that squeeze, the current testing distribution, does not
receive security updates in a timely manner, see the announcement mail
from the testing security team:
<http://lists.debian.org/debian-testing-security-announce/2008/12/msg00019.html>


Upgrade instructions
--------------------

If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend pinning the backports repository to 200 so that new versions
of installed backports will be installed automatically:

  Package: *
  Pin: release a=etch-backports
  Pin-Priority: 200
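
The class of problem described under CVE-2009-0366 is avoided by capping the decompressed size while inflating, instead of expanding the whole upload first. The following is an added example, not code from the advisory or from wesnoth; the 4 MiB limit, the function names and the sample data are assumptions chosen for illustration.

```python
import gzip
import zlib

MAX_MAP_BYTES = 4 * 1024 * 1024   # assumed cap, not a value taken from wesnoth
CHUNK = 64 * 1024                 # output produced per inflate call


class ExpansionLimitExceeded(Exception):
    """The compressed input would expand past the allowed size."""


def bounded_gunzip(blob, limit=MAX_MAP_BYTES):
    """Inflate a gzip blob, never holding more than limit + 1 output bytes.

    An unbounded gzip.decompress(blob) allocates whatever the stream
    expands to, which is the memory-exhaustion condition in the advisory.
    """
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16 + n: gzip framing
    out = bytearray()
    data = blob
    while not inflater.eof:
        # max_length bounds the output of this call; input that was not
        # consumed because of the bound is kept in unconsumed_tail.
        chunk = inflater.decompress(data, min(CHUNK, limit + 1 - len(out)))
        out += chunk
        if len(out) > limit:
            raise ExpansionLimitExceeded(
                "%d compressed bytes expand past %d" % (len(blob), limit))
        data = inflater.unconsumed_tail
        if not chunk and not data:
            raise ValueError("truncated gzip stream")
    return bytes(out)


def demo():
    # Constructed sample inputs: a small map-like payload and 16 MiB of zeros.
    small_map = gzip.compress(b"[map]\nsize=40x40\n[/map]\n")
    oversized = gzip.compress(b"\0" * (16 * 1024 * 1024))
    accepted = bounded_gunzip(small_map)
    try:
        bounded_gunzip(oversized)
        rejected = False
    except ExpansionLimitExceeded:
        rejected = True
    return len(accepted), len(oversized), rejected


if __name__ == "__main__":
    print(demo())
```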
