Bug 324841 (CVE-2007-3917)

Summary: CVE-2007-3917 Buffer overflow in wesnoth triggerable by UTF-8 chat message
Product: [Fedora] Fedora
Reporter: Lubomir Kundrak <lkundrak>
Component: wesnoth
Assignee: Brian Pepple <bdpepple>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: 7
Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://bugzilla.novell.com/show_bug.cgi?id=332098
Whiteboard: impact=important
Fixed In Version: 1.2.7-1.fc7
Doc Type: Bug Fix
Last Closed: 2007-10-11 22:55:05 UTC

Description Lubomir Kundrak 2007-10-09 13:05:02 UTC
Description of problem:

From Novell bugzilla (see URL):

A malicious user could send a long chat message with multibyte characters, the
server would truncate the message on a fixed length, without paying attention to
the multibyte characters. This led to invalid utf-8 on the client and an
uncaught exception was thrown. Note both wesnoth and the wesnoth server are
affected.

Additional information:

I am aware of no further details, nor the fix.
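
The truncation flaw described above, as an added C++ example that is not part of this bug report and is not Wesnoth's code or its fix (all function names are hypothetical): cutting at a fixed byte count can split a multibyte character, while backing up to a character boundary keeps the result valid UTF-8.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Added illustration; hypothetical names, not Wesnoth's code or its fix.
// Length of the sequence a lead byte announces, or 0 if it cannot start one.
static std::size_t seq_len(unsigned char c) {
    if (c < 0x80) return 1;
    if (c >= 0xC2 && c <= 0xDF) return 2;
    if (c >= 0xE0 && c <= 0xEF) return 3;
    if (c >= 0xF0 && c <= 0xF4) return 4;
    return 0;  // continuation byte or invalid lead byte
}

// Structural check: each lead byte is followed by the announced number of
// continuation bytes (10xxxxxx). Overlong and surrogate checks are omitted.
bool is_structurally_valid_utf8(const std::string& s) {
    for (std::size_t i = 0; i < s.size();) {
        const std::size_t n = seq_len(static_cast<unsigned char>(s[i]));
        if (n == 0 || i + n > s.size()) return false;  // truncated sequence
        for (std::size_t k = 1; k < n; ++k)
            if ((static_cast<unsigned char>(s[i + k]) & 0xC0) != 0x80) return false;
        i += n;
    }
    return true;
}

// The flawed pattern from the report: cut at a fixed byte count.
std::string truncate_bytes(const std::string& s, std::size_t max_bytes) {
    return s.substr(0, max_bytes);
}

// Boundary-aware cut: if the cut point lands on a continuation byte, back up
// to the lead byte so the split character is dropped whole.
std::string truncate_utf8(const std::string& s, std::size_t max_bytes) {
    if (s.size() <= max_bytes) return s;
    std::size_t cut = max_bytes;
    while (cut > 0 && (static_cast<unsigned char>(s[cut]) & 0xC0) == 0x80) --cut;
    return s.substr(0, cut);
}

int main() {
    // Constructed sample: two euro signs (3 bytes each), limit of 4 bytes.
    const std::string msg = "\xE2\x82\xAC\xE2\x82\xAC";
    std::cout << is_structurally_valid_utf8(truncate_bytes(msg, 4)) << "\n";
    std::cout << is_structurally_valid_utf8(truncate_utf8(msg, 4)) << "\n";
    return 0;
}
```

A receiver should still run the validity check on incoming messages and reject failures instead of letting a decoding exception propagate, since it cannot rely on the sender having truncated correctly.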

Comment 1 Fedora Update System 2007-10-11 01:46:56 UTC
wesnoth-1.2.7-1.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update wesnoth'

Comment 2 Fedora Update System 2007-10-11 22:55:04 UTC
wesnoth-1.2.7-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.