Hi Adam,

> The fix itself is fine. However, introducing new dependencies or patch
> systems is not an appropriate change to make in a stable update.
>
> If you were to upload an update which included the bugfix without the
> packaging changes then I'd be happy to accept that.

Ah right. I totally forgot that you can put changes to upstream sources
directly in the .diff.gz. I've just uploaded a version with just the
upstream patch, debdiff is below.

Gr.

Matthijs

diff -u openttd-0.6.2/debian/changelog openttd-0.6.2/debian/changelog --- openttd-0.6.2/debian/changelog +++ openttd-0.6.2/debian/changelog @@ -1,3 +1,10 @@ +openttd (0.6.2-1+lenny1) stable; urgency=low + + * Backport upstream r18462 to fix remote crash vulnerability + CVE-2009-4007. + + -- Matthijs Kooijman <matthijs@stdin.nl> Wed, 23 Dec 2009 23:08:48 +0100 + openttd (0.6.2-1) unstable; urgency=low * New upstream release. only in patch2: unchanged: --- openttd-0.6.2.orig/src/train_cmd.cpp +++ openttd-0.6.2/src/train_cmd.cpp @@ -996,10 +996,6 @@ */ static void NormaliseTrainConsist(Vehicle *v) { - if (IsFreeWagon(v)) return; - - assert(IsFrontEngine(v)); - for (; v != NULL; v = GetNextVehicle(v)) { if (!IsMultiheaded(v) || !IsTrainEngine(v)) continue;
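
Review bot: In the src/train_cmd.cpp hunk, dropping `if (IsFreeWagon(v)) return;` together with `assert(IsFrontEngine(v));` widens what NormaliseTrainConsist accepts, and nothing in the visible lines records the new precondition. The function now walks free-wagon chains as well as consists headed by a front engine, so the comment block that closes with `*/` just above the signature should state that `v` may be the first vehicle of any chain; otherwise a later cleanup could reintroduce the check. If the CVE-2009-4007 crash was that assertion firing, saying so in the changelog entry next to "Backport upstream r18462" would make the intent of the removal clear. The loop as shown tolerates the wider input, since it stops at `v != NULL` and skips every vehicle for which `!IsMultiheaded(v) || !IsTrainEngine(v)` holds.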