[ubuntu/zesty-proposed] iortcw 1.50a+dfsg1-3 (Accepted)
Graham Inggs
graham at nerve.org.za
Thu Mar 23 16:17:10 UTC 2017
iortcw (1.50a+dfsg1-3) unstable; urgency=high
* d/gbp.conf: switch branch to debian/stretch for updates during freeze
* d/patches: Add patches from upstream fixing security vulnerabilities
- refuse to load potentially auto-downloadable .pk3 files as
iortcw renderers, iortcw game code, libcurl, or OpenAL drivers
(mitigation: auto-downloading is off by default, and in Debian
we do not dlopen libcurl anyway)
- refuse to load default configuration file names from a .pk3 file
- protect cl_renderer, cl_curllib, s_aldriver configuration variables so
game code cannot set them
- refuse to overwrite files other than *.txt with the dump console
command
- refuse to overwrite files other than *.cfg with the writeconfig
console command
(Closes: #857714)
Date: 2017-03-14 16:16:50.320644+00:00
Signed-By: Graham Inggs <graham at nerve.org.za>
https://launchpad.net/ubuntu/+source/iortcw/1.50a+dfsg1-3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Zesty-changes
mailing list