ALT-PU-2021-1634-1
Package stone_soup updated to version 0.26.1-alt1 for branch sisyphus in task 269763.
Closed vulnerabilities
Published: 2020-04-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-11722
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0549
- https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
- https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
- https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
- FEDORA-2020-de88782eaa
- FEDORA-2020-c976cfa87e
- openSUSE-SU-2020:0549
- FEDORA-2020-c976cfa87e
- FEDORA-2020-de88782eaa
- https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
- https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
- https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html