On 16.02.2014 12:48, Jacob Nevins wrote: > Markus Koschany writes: >> David, the security issues are completely unrelated to your bug report >> and my reply to you only highlighted three options how you could upgrade >> to a more recent version of freeciv. > [...] >> Regarding the security issues the security team decided that they are >> not critical. Nevertheless I intend to ask Debian's release team to >> include the fixes in the next point release. > > Markus, > > Thank you for this explanation, and sorry to have started the noise > about the CVEs in this unrelated bug report.
No worries. The question about the unfixed security issue in stable was justified, although it is unrelated to this bug report. > It wasn't entirely obvious outside the Debian project that the security > team had made a positive decision -- all I saw was bug #696306, with > unanswered requests by release managers for a stable upload. > (I now see "[wheezy] - freeciv <no-dsa> (Minor issue)" on > security-tracker.debian.org, which I assume is the record of this > security team decision, but it's a bit cryptic. In any case, it seems > like a reasonable decision for the project to have made, given the > nature of the vulnerability.) > > Thanks also for considering the fixes for the wheezy point release. I have asked Debian's release managers for an upload to stable and they agreed. https://bugs.debian.org/738662 The package is currently in the proposed-updates queue. https://release.debian.org/proposed-updates/stable.html You can test it by following these instructions https://www.debian.org/releases/proposed-updates.html A good place to watch all relevant facts about freeciv is also this site. http://packages.qa.debian.org/f/freeciv.html I will create a backport for 2.4.2 as soon as the package migrates to testing since I think a lot of people will be happy about it. Have a nice weekend Markus
signature.asc
Description: OpenPGP digital signature
