Red Hat Bugzilla – Bug 324841
CVE-2007-3917 Buffer overflow in wesnoth triggerable by UTF-8 chat message
Last modified: 2007-11-30 17:12:17 EST
Description of problem:
From Novell bugzilla (see URL):
A malicious user could send a long chat message with multibyte characters; the
server would truncate the message at a fixed length, without paying attention to
the multibyte characters. This led to invalid UTF-8 on the client and an
uncaught exception was thrown. Note both wesnoth and the wesnoth server are
I am aware of no further details, nor the fix.
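The failure mode described above, as an added C++ example that is not wesnoth's code or its fix (no fix details appear in this report): a fixed-length byte cut can split a multibyte sequence, while a boundary-aware cut and a validator on the receiving side avoid passing invalid UTF-8 to a decoder. All function names and the sample message are hypothetical, and `truncate_utf8` assumes its input is valid UTF-8.

```cpp
#include <cstddef>
#include <string>

// UTF-8 continuation bytes have the form 10xxxxxx.
static bool is_continuation(unsigned char c) { return (c & 0xC0) == 0x80; }

// Fixed-length byte cut as described in the report: may split a sequence.
std::string truncate_bytes(const std::string& s, std::size_t max_bytes) {
    return s.substr(0, max_bytes);
}

// Cut to at most max_bytes, backing up so that no multibyte sequence is split.
std::string truncate_utf8(const std::string& s, std::size_t max_bytes) {
    if (s.size() <= max_bytes) return s;
    std::size_t cut = max_bytes;
    // s[cut] is the first dropped byte; a continuation byte there means we are mid-sequence.
    while (cut > 0 && is_continuation(static_cast<unsigned char>(s[cut]))) --cut;
    return s.substr(0, cut);
}

// Strict check for received data: rejects truncated, overlong, surrogate and out-of-range forms.
bool is_valid_utf8(const std::string& s) {
    static const unsigned long min_cp[] = {0, 0, 0x80, 0x800, 0x10000};
    for (std::size_t i = 0; i < s.size();) {
        unsigned char c = static_cast<unsigned char>(s[i]);
        std::size_t len = c < 0x80 ? 1 : (c & 0xE0) == 0xC0 ? 2
                        : (c & 0xF0) == 0xE0 ? 3 : (c & 0xF8) == 0xF0 ? 4 : 0;
        if (len == 0 || i + len > s.size()) return false;  // bad lead byte or cut-off sequence
        unsigned long cp = (len == 1) ? c : (c & (0xFF >> (len + 1)));
        for (std::size_t k = 1; k < len; ++k) {
            unsigned char cc = static_cast<unsigned char>(s[i + k]);
            if (!is_continuation(cc)) return false;
            cp = (cp << 6) | (cc & 0x3F);
        }
        if (cp < min_cp[len] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return false;
        i += len;
    }
    return true;
}

int main() {
    const std::string msg = "ab\xE2\x82\xAC";  // constructed sample: "ab" + U+20AC (3 bytes)
    bool naive_breaks = !is_valid_utf8(truncate_bytes(msg, 4));
    bool safe_ok = truncate_utf8(msg, 4) == "ab";
    return (naive_breaks && safe_ok) ? 0 : 1;
}
```

Validating on receipt matters independently of the sender-side cut, since the report notes the client threw an uncaught exception on the invalid input.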
wesnoth-1.2.7-1.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update wesnoth'
wesnoth-1.2.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.