On 10.02.2014 04:20, David Christensen wrote: > On 02/09/2014 05:45 PM, Jacob Nevins wrote: >> This is a known upstream bug in 2.3.2 (bug #20050) ... >> ... open security issues ... CVE-2012-5645, CVE-2012-6083. > > Should I expect an "apt-get update" and "apt-get upgrade" to fix these > bugs/ issues in the future, or not? If so, when? If not, why?
Hi David, There are three different options: 1. You could wait for the next stable release, Jessie, which is going to be released in the first half of 2015. Then "apt-get update && apt-get dist-upgrade" will upgrade your whole system to the new stable release and to the latest and fixed version of freeciv. 2. I intend to backport 2.4.1 to wheezy. Depending on whether I can find someone who uploads the game to backports, the game will probably be available next week. http://backports.debian.org/Instructions/ 3. *Disclaimer* Only for experienced users You can also decide to mix stable and testing or even stable and unstable. You need to add a new line to /etc/apt/sources.list deb http://ftp.uk.debian.org/debian testing main I also recommend to create this file with the following content /etc/apt/apt.conf.d/10default-release APT::Default-Release "stable"; You can then "mix" two different Debian distributions, whereas stable will be the preferred one, and install freeciv from testing with apt-get update && apt-get install freeciv -t testing I recommend to choose option 2. > p.s. I don't know if "Reply to All" is the correct way to reply to > Jacob's message. A canned footer with reply instructions would be helpful. Replying to the bug report [email protected] is sufficient. Everyone who has subscribed to the package will then receive a notification. Thanks for your bug report. Since the bug is fixed in newer versions of freeciv, I intend to close it as soon as 2.4.1 enters Debian backports. Regards, Markus
signature.asc
Description: OpenPGP digital signature
