On Thu, 2010-11-18 at 20:20 +0100, Christian Ohm wrote:

> Debian Squeeze currently has version 2.3.4 (Ubuntu as well), which is a bit
> broken. Not sure if it should be removed completely though. Maybe just add a
> message like "this version is probably outdated, get the current one from
> wz2100.net or backports.org" (Pabs: do you maintain the backports as well?) on
> the quit screen and package description.

I do maintain the backport as well. Haven't done any uploads recently
since I wanted to get squeeze in shape.

> I've made a branch with proposed fixes (that don't affect sync) for it at
> http://gitorious.org/~cybersphinx/warzone2100/warzone-cybersphinx/commits/2.3.4_maint
> (the first two fix the crashes with unicode, the last a memory corruption).
> That should fix the worst problems; armor etc. could only be fixed in a new
> branch that can't play with normal 2.3.4, I don't think anyone wants to
> actually maintain that.

Hmm. According to buginator/vexed, there are some other issues with
2.3.4 that are potentially exploitable remotely:

http://paste.debian.net/plain/100261

Not sure if the 3 fixes you suggest are relevant to Debian stable:

cab4ec0e1e7c4b94d1269428ac29c7c458e6b35d seems to be a UI thing?

1d97d98dbb6e3b8b6113d16ac01bc98b3d3405df same

3c610c7b8d0affd1d0031f7d73038aabd4c48a5f not sure which context causes
memory corruption - is that remotely exploitable?

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


_______________________________________________
Warzone-dev mailing list
Warzone-dev@gna.org
https://mail.gna.org/listinfo/warzone-dev
