* Jamie Strandboge <[email protected]> [2009-03-19 15:28:42 CET]: > > I did like I was adviced, and I'm sorry that it doesn't please you > enough > > This isn't so much about 'pleasing us enough' as about ensuring the > patch is correct and well tested.
I can't completely follow. Is six different patched versions that I did for Debian (1.2, 1.4.4 (twice in different environment), 1.4.7 (twice in different environment), 1.5.11) not well enough tested for you? Is the acceptance by the Debian security team in a DSA not well enough tested for you? > This package is in universe and is community supported and as such, > needs caring people like yourself to tend to it. I really thought I did so - but it's your call to accept it, not mine. > I'm reviewing the patches today and will report back if I have any > questions. Sure, you're welcome. Btw., for completeness: #v+ + - Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of + wesnoth/exhausting system memory (Upstream Bug #13031) #v- This part in the changelog received a CVE ID in the meantime: CVE-2009-0878 - you might want to incorporate that into the changelog. I didn't prepare a patch for intrepid because I was told that there is an update in intrepid-proposed already and I haven't received any informations about on which version I should base the patch on - the one actually _in_ intrepid, or the version in intrepid-proposed. About the backports I guess it's just similar to Debian backports: Taking the new (security) upload and building it for there, so most propably no patch needed there, right? I also know that wesnoth is in universe and don't receive regular security support - on the other hand, this issue isn't a random DoS but a arbitrary code execution issue that shouldn't get ignored like it was in the last weeks. I'm quite a bit disappointed here both with the delays and with the kind of responses, to say the least. :/ Thanks anyway. Rhonda -- Wesnoth security fixes https://bugs.launchpad.net/bugs/336396 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs -- universe-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/universe-bugs
