Markus Koschany writes: > David, the security issues are completely unrelated to your bug report > and my reply to you only highlighted three options how you could upgrade > to a more recent version of freeciv. [...] > Regarding the security issues the security team decided that they are > not critical. Nevertheless I intend to ask Debian's release team to > include the fixes in the next point release.
Markus, Thank you for this explanation, and sorry to have started the noise about the CVEs in this unrelated bug report. It wasn't entirely obvious outside the Debian project that the security team had made a positive decision -- all I saw was bug #696306, with unanswered requests by release managers for a stable upload. (I now see "[wheezy] - freeciv <no-dsa> (Minor issue)" on security-tracker.debian.org, which I assume is the record of this security team decision, but it's a bit cryptic. In any case, it seems like a reasonable decision for the project to have made, given the nature of the vulnerability.) Thanks also for considering the fixes for the wheezy point release. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org