Add a note about CVE-2009-0367 to RELEASE_NOTES.

2009-02-24 03:59:26 +00:00 · 2009-02-24 03:59:26 +00:00 · 5d2f3eda1d
commit 5d2f3eda1d
parent db334d32e1
1 changed files with 10 additions and 0 deletions
--- a/10
+++ b/10
@ -21,3 +21,13 @@ existing add-on's for this change.
 * titlescreen/landscapecastle.jpg -> story/landscape-castle.jpg

 ***
+
+This release contains an important security update, fixing a vulnerability
+that could allow third-party content (such as campaigns downloaded from the
+add-on server) to execute arbitrary code with user account privileges.  Consult
+CVE-2009-0367 for details.  All content currently on the official add-on server 
+has been inspected to confirm that none of it exploits this vulnerability,
+and the add-on server itself has been patched to ensure that exploits can no
+longer be uploaded.  Therefore, users of previous versions of Battle for Wesnoth 
+who have received user-made content through the official add-on server and 
+no other distribution channel need not fear that they have been compromised.