Netrek

File Release Notes and Changelog

Release Name: netrek-server-vanilla 2.12.1

Notes:
Fixes a format string security vulnerability that is present when EVENTLOG=1.


Changes:
* ntserv/warning.c, robots/rmove.c: fix security vulnerability in message handling reported by Luigi Auriemma. This vulnerability is present if the server is configured with EVENTLOG=1 in etc/sysdef (the default is EVENTLOG=0) and is confirmed present in release 2.12.0. User input was passed to vsprintf as a format string.
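
The bug class named above, shown beside its fix, as an added example that is not Netrek's code: `event_log`, `log_message_vulnerable`, `log_message_fixed` and the sample messages are hypothetical names and constructed inputs.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical event logger (not Netrek's): formats into a buffer that
 * stands in for the event log, so the result can be inspected. */
static char last_event[256];

/* Declaring this with __attribute__((format(printf, 1, 2))) lets GCC and
 * Clang report non-literal formats under -Wformat-security. */
static void event_log(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_event, sizeof last_event, fmt, ap);
    va_end(ap);
}

/* Bug class from the changelog: player text is used as the format string,
 * so any '%' in it is interpreted as a conversion specification. */
static const char *log_message_vulnerable(const char *player_text)
{
    event_log(player_text);
    return last_event;
}

/* Fix: constant format, player text passed only as data. */
static const char *log_message_fixed(const char *player_text)
{
    event_log("%s", player_text);
    return last_event;
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so the vulnerable
     * call is well-defined here yet still shows the text being parsed. */
    const char *msg = "shields at 50%% now";
    printf("vulnerable: %s\n", log_message_vulnerable(msg));
    printf("fixed:      %s\n", log_message_fixed(msg));
    /* Specifiers that do consume arguments are logged verbatim. */
    printf("fixed:      %s\n", log_message_fixed("%x %s %n"));
    return 0;
}
```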