Hi, On Tue, 2009-12-22 at 17:32 +0100, Matthijs Kooijman wrote: > The openttd package contains a remote crash vulnerability that is easily > exploited. Upstream will fix the bug in its upcoming release. Since that > will be released in a few days, I will not provide complete details on > the exploit, just the patch. > > Since openttd is in contrib, this fix is not going through the > stable-security repository. > > The debdiff is below, most of the diff is putting the dpatch stuff > (back) into place. Only the last chunk is the actual bugfix.
The fix itself is fine. However, introducing new dependencies or patch systems is not an appropriate change to make in a stable update. If you were to upload an update which included the bugfix without the packaging changes then I'd be happy to accept that. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org