Bug#1133919: Two security issues (not CVE yet)
Moritz Muehlenhoff
jmm at debian.org
Wed Apr 15 19:01:23 BST 2026
Source: luanti
Severity: grave
Mod security sandbox escape:
https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3
https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896 (main)
https://github.com/luanti-org/luanti/commit/53cef183e2a85a4daff84ac1a9a7946f940da8f8 (5.15.2)
HTTP API and insecure environment access control bypass
https://github.com/luanti-org/luanti/security/advisories/GHSA-22c4-238c-m5j4
https://github.com/luanti-org/luanti/commit/0faf529bc4b89e70a275ed1162047815118f2413
https://github.com/luanti-org/luanti/commit/827fd4cf7f989482b2dad381fa4afd642ea73e8c (5.15.2)
I've prepared a backport for trixie-security, but I don't use Luanti myself,
does anyone run a game server on trixie (ideally with some mods) to test the
update?`(currently building on security-master, will copy debs to people.debian.org/~jmm
later)
Cheers,
Moritz
More information about the Pkg-games-devel
mailing list