Comment 2 for bug 336396

Revision history for this message
Kees Cook (kees) wrote : Re: proposed diff for hardy-security

Comparing the fixes that Debian performed[1], I think this patch may additionally require fixes for CVE-2009-0366. Also, please follow the changelog format in the Security Update Procedures[2], since that will make it easier for us to examine the patches.

I do have a worry that just ripping out Python is the wrong approach to take with this bug, as that drops features as well. However, in the light of upstream's response to the bug (they did the same), I think it makes sense. Will there be AIs that no longer work if this code is removed from wesnoth?

[1] http://packages.debian.org/changelogs/pool/main/w/wesnoth/current/changelog
[2] https://wiki.ubuntu.com/SecurityUpdateProcedures