Hello, recently a bug has been reported for the lenny version of the openscenegraph 2.4.0-1.1 source package, based upon the fact that this package includes an embedded, vulnerable copy of the lib3ds library: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601181 The security team said that our proposed update did not warrant a security update, and that we should make a stable release instead. The Debian Developers of this package and me have now available a new version of the package which removes the embedded copy and makes the compilation process link the generated libraries against Debian system's lib3ds version. I'm attaching the diff in this mail for you to inspect. I wonder if the `high' priority that I have given to this release is fine or not. The testing and unstable versions are fine at the moment, since they embed an unaffected release of lib3ds. Thanks, Alberto
Attachment:
openscenegraph_2.4.0-2+lenny1.diff.gz
Description: Binary data