Comment 7 for bug 336396

Rhonda D'Vine (rhonda) wrote : Re: [Bug 336396] Re: Wesnoth security fixes

* Jamie Strandboge <email address hidden> [2009-03-19 15:28:42 CET]:
> > I did like I was advised, and I'm sorry that it doesn't please you
> > enough
>
> This isn't so much about 'pleasing us enough' as about ensuring the
> patch is correct and well tested.

 I can't completely follow. Are six different patched versions that I did
for Debian (1.2, 1.4.4 (twice in different environments), 1.4.7 (twice in
different environments), 1.5.11) not well enough tested for you? Is the
acceptance by the Debian security team in a DSA not well enough tested
for you?

> This package is in universe and is community supported and as such,
> needs caring people like yourself to tend to it.

 I really thought I did so - but it's your call to accept it, not mine.

> I'm reviewing the patches today and will report back if I have any
> questions.

 Sure, you're welcome. Btw., for completeness:

#v+
+ - Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of
+ wesnoth/exhausting system memory (Upstream Bug #13031)
#v-

 This part in the changelog received a CVE ID in the meantime:
CVE-2009-0878 - you might want to incorporate that into the changelog.

 I didn't prepare a patch for intrepid because I was told that there is
an update in intrepid-proposed already and I haven't received any
information about which version I should base the patch on - the one
actually _in_ intrepid, or the version in intrepid-proposed. About the
backports I guess it's just similar to Debian backports: Taking the new
(security) upload and building it for there, so most probably no patch
needed there, right?

 I also know that wesnoth is in universe and doesn't receive regular
security support - on the other hand, this issue isn't a random DoS but
an arbitrary code execution issue that shouldn't get ignored like it was
in the last weeks. I'm quite a bit disappointed here both with the
delays and with the kind of responses, to say the least. :/

 Thanks anyway.
Rhonda