On Sat, Jan 24, 2004 at 12:35:42PM +0100, Marco Herrn wrote: > On Sat, Jan 24, 2004 at 12:24:16AM +0000, Steve Kemp wrote: > > A minor patch is included below which would be nice to include. > > OK, I will include it. Where do you got that patch from? Is it known to > upstream? It seems, that it is not applied to the head in CVS.
It's not known to upstream yet, I imagined that you might submit it after including it yourself. The patch came from me, after a mimimal audit of the source code - I tend to examine most ITP's to see if I can see flaws in the code, see the URL in my sig for details. I know that your game isn't going to be setuid/setgid but it's a legitimate bug fix regardless - if you were to make the game setgid then this would prevent a local exploit. Otherwise it's just a cleanup which prevents a crash. -- Steve -- # Debian Security Audit Project http://www.steve.org.uk/Debian/