CVE-2009-4007 (DoS of OpenTTD < 0.7.5)

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Attached are the debdiffs for the 'stable' releases. For Lucid I recommend pulling 0.7.5 from Debian unstable/testing.

Subscribing ubuntu-security-sponsors per https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue. Sorry for the delay, this got missed because it didn't follow the procedures in the aforementioned wiki page.

Remko, thank you for your patches for openttd. Unfortunately I cannot process them because they do not follow the procedures detailed in https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. Specifically:

* the hardy patch uses 'dpatch' as the patch system, but your debdiff patches inline
* the distribution name is set to 'stable' for all debdiffs. This should be '<ubuntu release>-security' for each debdiff. Eg, for hardy, use 'hardy-security'
* the version is incorrect for each debdiff. Please see https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging for details
* you used the Debian packager's name in the changelog. You should use your own since Matthijs Kooijman did not prepare these debdiffs, you did

As per https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue I am unsubscribing ubuntu-security-sponsors, marking the bug Incomplete and assigning to you. Please resubscribe ubuntu-security-sponsors and set the status to 'NEW' when the changes are complete, and detail the testing performed.

Thanks again for your work on this!

I don't have an Ubuntu system so can't test it, as such I can't meet the requirements.

Jaunty reached end-of-life on 23 October 2010. The bug is marked as fixed in later versions of Ubuntu

Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (karmic) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against karmic is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures'

Please feel free to report any other bugs you may find.

Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against hardy is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures'

Please feel free to report any other bugs you may find.

Whoops, karmic is EOL and we won't be prcessing any debdiffs for it.