On Wed, Jan 02, 2013 at 08:31:12AM +0100, Moritz Muehlenhoff wrote:
> On Wed, Dec 19, 2012 at 01:38:30PM +0200, Marko Lindqvist wrote:
> > On 19 December 2012 09:02, Moritz Muehlenhoff <j...@inutil.org> wrote:
> > > Package: freeciv
> > > Severity: important
> > > Tags: security
> > >
> > > Hi,
> > > please see http://aluigi.altervista.org/adv/freecivet-adv.txt
> >
> > That's two issues...
> >
> > > Bug: http://gna.org/bugs/?20003
> >
> > ... reported in one freeciv ticket.
> >
> > That CVE is a bit unfortunate that it (currently) has description
> > containing both parts but fix provided is only one part. I think it's
> > quite likely that they will assign new CVE for the other half to sort
> > this out.
> >
> > > Fix: http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670
> >
> > Patch from stable S2_3 branch (where 2.3.x releases come from):
> > http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21672
> >
> > And the other fix not listed in CVE: trunk:
> > http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21701 /
> > S2_3: http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21703
>
> FTR, the additional issue has been assigned CVE-2012-6083:
> http://www.openwall.com/lists/oss-security/2012/12/31/2
Freeciv maintainers,
it's been two months. Can you please upload a fixed package?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
