Bug 1169381 - (CVE-2020-11722) VUL-0: CVE-2020-11722: crawl: remote arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Leap 15.1
Other Other
P3 - Medium : Major
Assigned To: Ferdinand Thiessen
Security Team bot
https://smash.suse.de/issue/256997/
Reported: 2020-04-14 07:35 UTC by Alexandros Toptsoglou
Modified: 2020-04-24 22:13 UTC
Found By: Security Response Team
Comment 1 Ferdinand Thiessen 2020-04-14 12:07:23 UTC
Submitted patches [1]; when they are accepted into games, they will get forwarded into Factory, Leap and SLE Backports.

[1] https://build.opensuse.org/request/show/793854
Comment 2 Swamp Workflow Management 2020-04-16 03:20:06 UTC
This is an autogenerated message for OBS integration:
This bug (1169381) was mentioned in
https://build.opensuse.org/request/show/794405 15.1+Backports:SLE-15-SP1 / crawl
Comment 3 Ferdinand Thiessen 2020-04-17 06:37:40 UTC
Factory request got accepted.
Comment 4 Swamp Workflow Management 2020-04-17 07:10:13 UTC
This is an autogenerated message for OBS integration:
This bug (1169381) was mentioned in
https://build.opensuse.org/request/show/794776 15.2 / crawl
Comment 5 Swamp Workflow Management 2020-04-24 22:13:45 UTC
openSUSE-SU-2020:0549-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1169381
CVE References: CVE-2020-11722
Sources used:
openSUSE Leap 15.1 (src):    crawl-0.24.0-lp151.3.3.2
openSUSE Backports SLE-15-SP1 (src):    crawl-0.24.0-bp151.4.3.2