Overview

File _patchinfo of Package patchinfo.7675

<patchinfo incident="7675">
  <issue id="1073248" tracker="bnc">VUL-0: CVE-2017-17528: scummvm: backends/platform/sdl/posix/posix.cpp does not validate strings before launching the program specified by the BROWSER environment variable</issue>
  <issue id="2017-17528" tracker="cve" />
  <category>recommended</category>
  <rating>moderate</rating>
  <packager>alois</packager>
  <description>This update for scummvm fixes the following issues:

Scummvm was updated to version 2.0.0:

- New Games:

  * Added support for Full Pipe.
  * Added support for Hi-Res Adventure #3: Cranston Manor.
  * Added support for Hi-Res Adventure #4: Ulysses and the Golden Fleece.
  * Added support for Hi-Res Adventure #5: Time Zone.
  * Added support for Hi-Res Adventure #6: The Dark Crystal.
  * Added support for Riven.
  * Added support for Starship Titanic English &amp; German.

- New Games (Sierra SCI2 - SCI3):

  * Added support for Gabriel Knight.
  * Added support for Gabriel Knight 2.
  * Added support for King's Quest VII.
  * Added support for King's Questions.
  * Added support for Leisure Suit Larry 6 (hires).
  * Added support for Leisure Suit Larry 7.
  * Added support for Lighthouse.
  * Added support for Mixed-Up Mother Goose Deluxe.
  * Added support for Phantasmagoria.
  * Added support for Phantasmagoria 2.
  * Added support for Police Quest 4.
  * Added support for RAMA.
  * Added support for Shivers.
  * Added support for Space Quest 6.
  * Added support for Torin's Passage.

- General:

  * Added bilinear filtering option for SDL2 fullscreen mode.
  * Fixed a bug that caused a crash in the options dialog of the GUI.
  * Added a command-line option to automatically scan for supported games in
    the current or a specified directory.
  * Added possibility to apply changes in the options dialog without closing
    the dialog.
  * Added support for on-the-fly GUI language switching.
  * Updated Munt MT-32 emulation code to version 2.0.3.
  * Improved handling of joysticks.
  * Improved audio latency.
  * Improved management of the ScummVM window in games that switch display
    modes.
  * Fixed list view drawing over text above it (for example in the save dialog).
  * Changed location where screenshot are saved. This fixes issues when scummvm
    is installed in a read*only directory. Also added setting to allow changing
    this location.
  * Changed screenshot format to png.
  * Fixed multithreading issue that could cause a crash in games using MP3 audio.

- CVE-2017-17528: Also fixed a possible code execution via the BROWSER environment variable. (boo#1073248)
</description>
  <summary>Recommended update for scummvm</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places