Bug#562096: pu: package openttd/0.6.2-1+lenny1
Hi,
On Tue, 2009-12-22 at 17:32 +0100, Matthijs Kooijman wrote:
> The openttd package contains a remote crash vulnerability that is easily
> exploited. Upstream will fix the bug in its upcoming release. Since that
> will be released in a few days, I will not provide complete details on
> the exploit, just the patch.
>
> Since openttd is in contrib, this fix is not going through the
> stable-security repository.
>
> The debdiff is below, most of the diff is putting the dpatch stuff
> (back) into place. Only the last chunk is the actual bugfix.
The fix itself is fine. However, introducing new dependencies or patch
systems is not an appropriate change to make in a stable update.
If you were to upload an update which included the bugfix without the
packaging changes then I'd be happy to accept that.
Regards,
Adam
Reply to: