Bug 9109

Summary: scummvm security update (CVE-2017-17528)
Product: [ROSA-based products] ROSA Fresh
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Contributed Packages
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED INVALID
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: andrey.bondrov, denis.silakov, mc2374
Version: Plasma5
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://advisories.mageia.org/MGASA-2018-0278.html
Whiteboard:
Platform: ---
ROSA Vulnerability identifier: CVE-2017-17528
RPM Package: scummvm
ISO-related:
Bad POT generating:
Upstream:

Description Zombie Ryushu 2018-06-18 08:23:09 MSK
ScummVM 1.8.1's POSIX backend does not validate strings before launching the
program specified by the BROWSER environment variable, which might allow remote
attackers to conduct argument-injection attacks via a crafted URL
(CVE-2017-17528).

This update fixes it, and updates ScummVM to the latest 2.0.0 upstream release,
adding support for 23 new games, and several bug fixes.
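
Added example, not taken from this report or from ScummVM's code: one way a POSIX program can hand a URL to the program named by BROWSER so that the URL is validated first and always arrives as a single argument. It assumes BROWSER holds one program name; `url_is_safe` and `open_url` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if url may be passed to an external browser as one argument.
   Hypothetical helper, deliberately stricter than RFC 3986. */
int url_is_safe(const char *url) {
    static const char *const schemes[] = { "http://", "https://" };
    size_t i;
    int scheme_ok = 0;
    if (url == NULL) return 0;
    /* Scheme allowlist; this also rejects option-like input starting with '-'. */
    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++)
        if (strncmp(url, schemes[i], strlen(schemes[i])) == 0) scheme_ok = 1;
    if (!scheme_ok) return 0;
    for (; *url != '\0'; url++) {
        unsigned char c = (unsigned char)*url;
        /* Reject whitespace, control and non-ASCII bytes, quotes and shell
           metacharacters; a caller percent-encodes them if really needed. */
        if (c <= 0x20 || c >= 0x7f || strchr("\"'`\\$;|<>(){}^", c) != NULL)
            return 0;
    }
    return 1;
}

/* Runs $BROWSER with the URL as a single argv entry, without a shell.
   Blocks until the browser process exits.
   Returns 0 if the browser exited successfully, -1 otherwise. */
int open_url(const char *url) {
    const char *browser = getenv("BROWSER");
    pid_t pid;
    int status;
    if (!url_is_safe(url) || browser == NULL || *browser == '\0') return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp(browser, browser, url, (char *)NULL);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```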

Comment 1 Giovanni Mariani 2018-07-20 17:59:31 MSK
The report is about scummvm 1.8.1 AFAICT.
We have 2.0.0 since December 2017, so this issue should be moot...
Closing.