Candidate: CVE-2015-5069
PublicDate: 2017-09-26 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5069
 https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d
 http://www.openwall.com/lists/oss-security/2015/06/25
 http://www.openwall.com/lists/oss-security/2015/06/25/12
Description:
 The (1) filesystem::get_wml_location function in filesystem.cpp and (2)
 is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before
 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive
 information via vectors related to inclusion of .pbl files from WML.
Ubuntu-Description:
Notes:
 seth-arnold> incomplete fix lead to CVE-2015-5070
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]

Patches_wesnoth-1.10:
upstream_wesnoth-1.10: needed
precise_wesnoth-1.10: ignored (reached end-of-life)
precise/esm_wesnoth-1.10: DNE (precise was needed)
trusty_wesnoth-1.10: ignored (reached end-of-life)
trusty/esm_wesnoth-1.10: DNE (trusty was needed)
utopic_wesnoth-1.10: ignored (reached end-of-life)
vivid_wesnoth-1.10: ignored (reached end-of-life)
vivid/stable-phone-overlay_wesnoth-1.10: DNE
vivid/ubuntu-core_wesnoth-1.10: DNE
wily_wesnoth-1.10: DNE
xenial_wesnoth-1.10: DNE
yakkety_wesnoth-1.10: DNE
zesty_wesnoth-1.10: DNE
artful_wesnoth-1.10: DNE
bionic_wesnoth-1.10: DNE
cosmic_wesnoth-1.10: DNE
disco_wesnoth-1.10: DNE
devel_wesnoth-1.10: DNE

Patches_wesnoth-1.12:
upstream_wesnoth-1.12: released (1:1.12.4-1)
precise_wesnoth-1.12: DNE
precise/esm_wesnoth-1.12: DNE
trusty_wesnoth-1.12: DNE
trusty/esm_wesnoth-1.12: DNE
utopic_wesnoth-1.12: DNE
vivid_wesnoth-1.12: ignored (reached end-of-life)
vivid/stable-phone-overlay_wesnoth-1.12: DNE
vivid/ubuntu-core_wesnoth-1.12: DNE
wily_wesnoth-1.12: ignored (reached end-of-life)
xenial_wesnoth-1.12: not-affected (1:1.12.4-1)
yakkety_wesnoth-1.12: ignored (reached end-of-life)
zesty_wesnoth-1.12: ignored (reached end-of-life)
artful_wesnoth-1.12: not-affected (1:1.12.4-1)
bionic_wesnoth-1.12: not-affected (1:1.12.4-1)
cosmic_wesnoth-1.12: DNE
disco_wesnoth-1.12: DNE
devel_wesnoth-1.12: DNE