Bug#684144: security issues with transmitted map cfgs
Martin Erik Werner
martinerikwerner at gmail.com
Sun Sep 23 17:22:14 UTC 2012
retitle 684144 manually downloaded map cfgs can directly execute text
commands
severity 684144 normal
thanks.
On speaking to the upstream developer, he pointed out that sauer does
not actually transmit map cfg files, that's only something which happens
in Red Eclipse (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684143
already fixed), and that there should be no need to backport this patch.
The issue is still relevant if the user manually downloads a map, but I
take it this is less of a concern, so I'm marking this as normal
severity instead, and retitling the bug appropriately.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20120923/b6337d5f/attachment.pgp>
More information about the Pkg-games-devel
mailing list