thr3ads.net - Secure testing team - [Secure-testing-team] Bug#684143: redeclipse: security issues with transmitted map cfgs [Aug 2012]

If this information is useful, please help other people find it:
Share via:

Martin Erik Werner

2012-Aug-07 11:21 UTC

[Secure-testing-team] Bug#684143: redeclipse: security issues with transmitted map cfgs

Package: redeclipse
Version: 1.2-2
Severity: grave
Tags: security patch upstream
Justification: user security hole

A security issue with execution of map cfg(script) files could allow these
scripts the same r/w access to files as the user running the game client.

This issue has been patched upstream, which makes it harder to exploit.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, ''testing''), (800,
''unstable''), (300, ''experimental'')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages redeclipse depends on:
ii  dpkg                      1.16.4.3
ii  libc6                     2.13-33
ii  libenet1a                 1.3.3-2
ii  libgcc1                   1:4.7.1-2
ii  libgl1-mesa-glx [libgl1]  8.0.3-1
ii  libsdl-image1.2           1.2.12-2
ii  libsdl-mixer1.2           1.2.12-2
ii  libsdl1.2debian           1.2.15-5
ii  libstdc++6                4.7.1-2
ii  libx11-6                  2:1.5.0-1
ii  redeclipse-data           1.2-1
ii  zlib1g                    1:1.2.7.dfsg-13

redeclipse recommends no packages.

redeclipse suggests no packages.

-- no debconf information

Secure testing team - Aug 2012 - Bug#684143: redeclipse: security issues with transmitted map cfgs

[Secure-testing-team] Bug#684143: redeclipse: security issues with transmitted map cfgs