Candidate: CVE-2009-0367
PublicDate: 2009-03-05 02:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0367
Description:
 The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote
 attackers to escape the sandbox and execute arbitrary code by using a
 whitelisted module that imports an unsafe module, then using a hierarchical
 module name to access the unsafe module through the whitelisted module.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_wesnoth:
 debdiff: https://bugs.launchpad.net/ubuntu/hardy/+source/wesnoth/+bug/336396
upstream_wesnoth: released (1:1.4.7-4)
dapper_wesnoth: not-affected (code not present)
gutsy_wesnoth: released (1.2.6-1ubuntu2.5)
hardy_wesnoth: released (1:1.4-1ubuntu0.1)
intrepid_wesnoth: released (1:1.4.5-1ubuntu0.2)
devel_wesnoth: not-affected (1:1.4.7-4)