Coin, Martin Pitt <[EMAIL PROTECTED]> writes:
> This is CAN-2005-2875. If you fix this, please mention this number in > the changelog. Thanks. > However, since this seems to be intrinsically hard to fix (apart from > completely changing the data format), it may be advisable to remove > this package from testing. > > Gentoo's security advisory consisted of the removal from the ebuilds. Gentoo is not a reference... I asked the author who made a quick fix disabling network mode. Both py2play and soya are soon to be uploaded. py2play is still necessary because it manages the game's main loop and a real dependency removal would have taken much more time. Cleanups later... py2play is 1.0.7 on all distribs, so it's ok, 1.0.8 only fixes this security problem and can be pushed to sarge. I'm asking for a patch for slune 1.0.7 for sarge. Stay tuned and please do not yet remove packages. -- Marc Dequènes (Duck)
pgptkU54qff5M.pgp
Description: PGP signature
