Bug#562096: pu: package openttd/0.6.2-1+lenny1

To: Matthijs Kooijman <matthijs@stdin.nl>, 562096@bugs.debian.org
Subject: Bug#562096: pu: package openttd/0.6.2-1+lenny1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 22 Dec 2009 20:29:14 +0000
Message-id: <1261513754.3256.1017.camel@kaa.jungle.aubergine.my-net-space.net>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 562096@bugs.debian.org
In-reply-to: <20091222163226.6635.32784.reportbug@xanthe.stderr.nl>
References: <20091222163226.6635.32784.reportbug@xanthe.stderr.nl>

Hi,

On Tue, 2009-12-22 at 17:32 +0100, Matthijs Kooijman wrote:
> The openttd package contains a remote crash vulnerability that is easily
> exploited. Upstream will fix the bug in its upcoming release. Since that
> will be released in a few days, I will not provide complete details on
> the exploit, just the patch.
> 
> Since openttd is in contrib, this fix is not going through the
> stable-security repository.
> 
> The debdiff is below, most of the diff is putting the dpatch stuff
> (back) into place. Only the last chunk is the actual bugfix.

The fix itself is fine.  However, introducing new dependencies or patch
systems is not an appropriate change to make in a stable update.

If you were to upload an update which included the bugfix without the
packaging changes then I'd be happy to accept that.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#562096: pu: package openttd/0.6.2-1+lenny1
  - From: Matthijs Kooijman <matthijs@stdin.nl>

References:
- Bug#562096: pu: package openttd/0.6.2-1+lenny1
  - From: Matthijs Kooijman <matthijs@stdin.nl>

Prev by Date: Re: SRM update request: gnash (Re: Any hope of an gnash update in Lenny?)
Next by Date: Re: [Pkg-electronics-devel] geda-examples REMOVED from testing
Previous by thread: Bug#562096: pu: package openttd/0.6.2-1+lenny1
Next by thread: Bug#562096: pu: package openttd/0.6.2-1+lenny1
Index(es):
- Date
- Thread