CVE-2010-2445

NameCVE-2010-2445
Descriptionfreeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs584589

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freeciv (PTS)jessie2.4.3-3fixed
stretch2.5.6-2fixed
buster2.6.0-2fixed
bullseye2.6.3-1fixed
bookworm3.0.6-1fixed
sid, trixie3.1.2+ds-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freecivsource(unstable)2.2.1-1low584589

Notes

[lenny] - freeciv <no-dsa> (Minor issue)
http://gna.org/bugs/?15624

Search for package or bug name: Reporting problems