Feisty Backports

Please backport wesnoth 1.2.8-1 from Hardy. Fixes 3 CVEs

Bug #173924 reported by Emilio Pozuelo Monfort on 2007-12-04

12

Affects		Status	Importance	Assigned to	Milestone
	Edgy Backports	Invalid	Undecided	Unassigned
	Feisty Backports	Fix Released	Medium	Unassigned

Bug Description

Please backport wesnoth 1.2.8-1 from Hardy.

feisty-backports has version 1.2.5, which is vulnerable to 3 CVEs.

https://bugs.edge.launchpad.net/bugs/cve/2007-3917
https://bugs.edge.launchpad.net/bugs/cve/2007-5742
https://bugs.edge.launchpad.net/bugs/cve/2007-6201

Thanks.

Revision history for this message

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote on 2007-12-09:

#1

I asked for the sync of the next release of wesnoth (bug #175068), we could wait until it's done.

Revision history for this message

Emilio Pozuelo Monfort (pochu) wrote on 2007-12-09:

#2

No need to wait, as it won't be synced, since 1.3.x is unstable.

I'd appreciate (well, not me, but backports users) a backport of 1.2.8.

Thanks

Revision history for this message

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote on 2007-12-09:

#3

To apologize I tested the build and install :) , everything works fine and the saved missions seem to work. It's safe to backport this.

Revision history for this message

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote on 2007-12-09:

#4

I also forgot to say I also tested for Gutsy, and everything is fine.

Revision history for this message

Emilio Pozuelo Monfort (pochu) wrote on 2007-12-09:

#5

Thanks Jérôme for the testing!

I've opened the Edgy request here, let's track all of them in the same bug.

Changed in feisty-backports:
status:	New → Confirmed
Changed in gutsy-backports:
status:	New → Confirmed

Revision history for this message

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote on 2007-12-09:

#6

i can't test for edgy as I don't have it anymore :)

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-12-12:

#7

The CVEs must be fixed in -security uploads not via backports unless someone can convince me it's impossible.

Revision history for this message

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote on 2007-12-13:

#8

Scott Kitterman: even if the CVEs are in the backported package ? (1.2.5 is in feisty backports) I thought -security was for packages that were in the main-universe-multiverse archive.

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-12-13:

#9

Sorry. Missed that they were already fixed.

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-12-13:

#10

Ack from ubuntu-backporters for Feisty.

Changed in feisty-backports:
importance:	Undecided → Medium
status:	Confirmed → In Progress

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-12-13:

#11

Ack from ubuntu-bakcporters for Gutsy.

Changed in gutsy-backports:
status:	Confirmed → In Progress

Revision history for this message

Jonathan Riddell (jr) wrote on 2007-12-18:

#12

* Trying to backport wesnoth...
  - <wesnoth_1.2.8.orig.tar.gz: downloading from librarian>
  - <wesnoth_1.2.8-1.diff.gz: downloading from librarian>
  - <wesnoth_1.2.8-1.dsc: downloading from librarian>
I: Extracting wesnoth_1.2.8-1.dsc ... done.
I: Building backport of wesnoth-1.2.8 as 1:1.2.8-1~feisty1 ...

Changed in feisty-backports:
status:	In Progress → Fix Released

Revision history for this message

Jonathan Riddell (jr) wrote on 2007-12-18:

#13

* Trying to backport wesnoth...
  - <wesnoth_1.2.8.orig.tar.gz: downloading from librarian>
  - <wesnoth_1.2.8-1.diff.gz: downloading from librarian>
  - <wesnoth_1.2.8-1.dsc: downloading from librarian>
I: Extracting wesnoth_1.2.8-1.dsc ... done.
I: Building backport of wesnoth-1.2.8 as 1:1.2.8-1~gutsy1 ...

Changed in gutsy-backports:
status:	In Progress → Fix Released

Revision history for this message

Martin Pitt (pitti) wrote on 2007-12-21:

#14

Unsub'ing ubuntu-archive. Please resubscribe if/when edgy gets ack'ed.

Revision history for this message

Michael Casadevall (mcasadevall) wrote on 2008-08-25: none

#15

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

status invalid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: http://getfiregpg.org

iEYEARECAAYFAkiyPv4ACgkQpblTBJ2i2pt2tACeKMfuWXBOwHbH3Qnw3VMqFioX
H8AAnjrzHUYmv2SNyCUndmYV0zT4pK0d
=hA6P
-----END PGP SIGNATURE-----

Michael Casadevall (mcasadevall) on 2008-08-25

Changed in edgy-backports:
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #173925

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.