Ubuntu

“redeclipse” 1.2-2ubuntu0.1 source package in The Precise Pangolin

Publishing history

1.2-2ubuntu0.1
PUBLISHED: Precise pocket Updates in component multiverse and section games
  • Published on 2012-08-16
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
1.2-2ubuntu0.1
PUBLISHED: Precise pocket Security in component multiverse and section games
  • Published on 2012-08-16
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team

Builds

Changelog

redeclipse (1.2-2ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE:
    Game maps can in cube2-engine games be transmitted either from server
    to client or from client to client, which includes a config file
    (mapname.cfg) which is in "cubescript" format, this makes it possible
    for an attacker to send a malign script via a new map (which must be
    chosen by admin on a server, or created in cooperative editing mode). A
    script like this could trivially read/write to any files which the user
    running the client has access to (it is executed when the client loads
    the map). (LP: #1034148)
    - Add debian/patches/security-text-command-fix.patch
      This patch stops "textedit" commands being able to be run in map-run
      scripts, thus disabling the ability to read/write to user files.
 -- Martin Erik Werner <email address hidden>   Thu, 02 Aug 2012 15:01:30 +0200