Comparing the fixes that Debian performed[1], I think this patch may additionally require fixes for CVE-2009-0366. Also, please follow the changelog format in the Security Update Procedures[2], since that will make it easier for us to examine the patches.
I do have a worry that just ripping out Python is the wrong approach to take with this bug, as that drops features as well. However, in the light of upstream's response to the bug (they did the same), I think it makes sense. Will there be AIs that no longer work if this code is removed from wesnoth? [1] http://packages.debian.org/changelogs/pool/main/w/wesnoth/current/changelog [2] https://wiki.ubuntu.com/SecurityUpdateProcedures ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0366 ** Changed in: wesnoth (Ubuntu) Status: In Progress => Incomplete -- proposed diff for hardy-security https://bugs.launchpad.net/bugs/336396 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
