On 8/26/08, Danté Jones <[EMAIL PROTECTED]> wrote: > Greetings & Salutations, > > The OpenTTD package in the Hardy repository is currently: > > Version: 0.6.0-2 > Priority: optional > Section: multiverse/games > > The current stable version of OpenTTD is 0.6.2 which fixes a buffer > overrun which can be remotely exploited. > > http://www.openttd.org/downloads.php > > Could you please update the version OpenTTD in Hardy to the current > stable, 0.6.2. > Package versions in an Ubuntu release almost never change - one of the goals of the stable release is to be stable in the sense of "will do the same thing tomorrow as it did today".
For serious regressions and security problems (as this may well be), we have stable release update process. For this, it would involve patching the vulnerability rather than packaging the new version. That said, the debian bug report[1] suggests that patching will result in a incompatible server. I'm not sure what we want to do about it. I've opened a bug[2] against hardy; further discussion should probably go there. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493714 [2] https://bugs.edge.launchpad.net/ubuntu/+source/openttd/+bug/261373 -- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
