There are 2 open security issues in bullseye.
2 issues left for the package maintainer to handle:
- CVE-2020-14938:
(needs triaging)
An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.
- CVE-2020-14939:
(needs triaging)
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
You can find information about how to handle these issues in the security team's documentation.