The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | all | wesnoth-1.12 | <Â 1:1.12.6-1+deb9u1 | wesnoth-1.12_1:1.12.6-1+deb9u1_all.deb |