A flaw was reported in wesnoth, a turn-based strategy game with a fantasy theme: A severe security vulnerability in the game client was found (bug #23440) which could allow a malicious user to obtain personal files and information from other players in networked MP games using the built-in WML/Lua API on any platform. The flaw affects wesnoth 1.12.1 and wesnoth 1.10.7. Release announcement: http://forums.wesnoth.org/viewtopic.php?t=41870 https://raw.githubusercontent.com/wesnoth/wesnoth/1.12.2/changelog Upstream advisory: http://forums.wesnoth.org/viewtopic.php?t=41872 Upstream patch: https://github.com/wesnoth/wesnoth/commit/af61f9fdd15cd439da9e2fe5fa39d174c923eaae
Created wesnoth tracking bugs for this issue: Affects: fedora-all [bug 1211238] Affects: epel-5 [bug 1211239] Affects: epel-6 [bug 1211240]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.