08 Aug 2012
Sauerbraten Game Engine
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in Sauerbraten Game Engine, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an input validation error within the "TEXTCOMMAND()" macro (src/engine/textedit.h) when parsing map files and can be exploited to manipulate arbitrary files via a malicious map.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into importing a malicious map or connecting to a malicious server.
The vulnerability is reported in version 2010_07_28. Other versions may also be affected.
Fixed in the SVN repository.
Martin Erik Werner in a Debian bug.