[redeclipse] 390/494: better description of patch, changelog entry

Martin Werner arand-guest at moszumanska.debian.org
Sun Jun 21 20:52:55 UTC 2015


This is an automated email from the git hooks/post-receive script.

arand-guest pushed a commit to branch debdir
in repository redeclipse.

commit 8f6f4189574fc6c90c95c9a22cd5652d06e7c2e1
Author: Martin Erik Werner <martinerikwerner at gmail.com>
Date:   Tue Aug 7 14:52:17 2012 +0200

    better description of patch, changelog entry
---
 changelog                               |  7 +++++++
 patches/security-text-command-fix.patch | 13 +++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/changelog b/changelog
index 837c486..fa6d29f 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,10 @@
+redeclipse (1.2-2.1) unstable; urgency=high
+
+  * Add debian/patches/security-text-command-fix.patch
+    - File access security fix (Closes: #684143)
+
+ -- Martin Erik Werner <martinerikwerner at gmail.com>  Mon, 27 Feb 2012 13:53:19 +0100
+
 redeclipse (1.2-2) unstable; urgency=low
 
   * debian/patches/backported-fix-icon-sizes.patch
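Review bot: The trailer date on the new 1.2-2.1 entry (`Mon, 27 Feb 2012 13:53:19 +0100`) is earlier than both the upstream fix it packages (the patch header is dated Sun, 22 Jul 2012) and this commit (7 Aug 2012). It looks carried over from an older entry and should be regenerated when the upload is finalised. For an urgency=high upload, the bullet "File access security fix" is also thin. A short phrase saying that textedit commands are blocked in map-run scripts would let someone reading only the changelog tell what was fixed without opening the patch or the bug.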
diff --git a/patches/security-text-command-fix.patch b/patches/security-text-command-fix.patch
index 9121d8f..2838f51 100644
--- a/patches/security-text-command-fix.patch
+++ b/patches/security-text-command-fix.patch
@@ -3,8 +3,17 @@ From: eihrul <eihrul at 2cd6abe5-5779-42d9-9038-cec04ae5ff40>
 Date: Sun, 22 Jul 2012 21:22:55 +0000
 Subject: [PATCH] text command fix
 Comment:
- This patch fixes a file access security issue which could allow a remote
- attacker access local files by transmitting map script files.
+ Game maps can in cube2-engine games be transmitted either from server
+ to client or from client to client, which includes a config file
+ (mapname.cfg) which is in "cubescript" format, this makes it possible
+ for an attacker to send a malign script via a new map (which must be
+ chosen by admin on a server, or created in cooperative editing mode). A
+ script like this could trivially read/write to any files which the user
+ running the client has access to (it is executed when the client loads
+ the map).
+ .
+ This patch stops "textedit" commands being able to be run in map-run
+ scripts, thus disabling the ability to read/write to user files.
 
 git-svn-id: https://redeclipse.svn.sourceforge.net/svnroot/redeclipse@3764 2cd6abe5-5779-42d9-9038-cec04ae5ff40
 ---
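Review bot: The closing claim in the new Comment text, "thus disabling the ability to read/write to user files", is stated more broadly than the lines here support. The patch is described only as stopping "textedit" commands in map-run scripts, so the wording should either be scoped to "via the textedit commands" or be backed by a note that no other cubescript command reachable from mapname.cfg touches files. The first paragraph is also one long run-on sentence. Splitting it into separate statements (how maps and their cfg are transmitted, the precondition that an admin picks the map or that coop edit mode is in use, and when the script executes) and replacing "malign" with "malicious" would make the threat description easier to check against the bug report.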

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/redeclipse.git


