[Backports-security-announce] Security Update for wesnoth

2009-02-27 10:16:46
lists.debian.org
CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.457 Medium
Percentile: 97.1%

Gerfried Fuchs uploaded new packages for wesnoth which fixed the
following security problems:

CVE-2009-0367

It was possible to circumvent the implementation of the sandbox for the
Python AIs, allowing arbitrary Python code to be executed on the
client's machine. Please note that the official servers never had such
malicious code and were patched to not accept any Python code anymore.

CVE-2009-0366

Using gzip compression, it was possible to send a rather small
compressed map to a server, which expanded it in memory, resulting in
memory exhaustion and a possible crash.
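
The general defence against the kind of problem described for CVE-2009-0366 is to cap the inflated size while decompressing. The following is an added example, not the Wesnoth or Debian fix; the function names and the 1 MiB cap are assumptions, and the sample inputs are constructed.

```python
import gzip
import zlib


class DecompressionLimitExceeded(ValueError):
    """Raised when a stream would inflate past the configured cap."""


def bounded_gunzip(data: bytes, limit: int) -> bytes:
    """Inflate one gzip member, never holding more than limit + 1 bytes."""
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16 + ... selects gzip framing
    out = bytearray()
    pending = data
    while not inflater.eof:
        # max_length must stay non-zero (0 means "unlimited"); one byte of
        # slack is enough to tell "exactly at the cap" from "over the cap".
        chunk = inflater.decompress(pending, limit - len(out) + 1)
        out += chunk
        if len(out) > limit:
            raise DecompressionLimitExceeded(
                f"{len(data)} compressed bytes inflate past the {limit}-byte cap")
        pending = inflater.unconsumed_tail
        if not chunk and not pending:
            # No output and no input left, but no end-of-stream marker seen.
            raise ValueError("truncated gzip stream")
    return bytes(out)


def constructed_gzip(size: int) -> bytes:
    """Constructed sample input: `size` zero bytes, gzip-compressed."""
    return gzip.compress(b"\0" * size)


if __name__ == "__main__":
    cap = 1024 * 1024  # assumed cap for this example, not a Wesnoth setting
    for size in (1000, 8 * 1024 * 1024):
        blob = constructed_gzip(size)
        try:
            print(len(blob), "->", len(bounded_gunzip(blob, cap)), "bytes accepted")
        except DecompressionLimitExceeded as exc:
            print(len(blob), "-> rejected:", exc)
```

Corrupt input still raises `zlib.error`, which the caller should treat as a rejected upload as well.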

For the etch-backports distribution the problems have been fixed in
version 1:1.4.4-2+lenny1~bpo40+1.

For the lenny-backports distribution the problems have been fixed in
version 1:1.4.7-4~bpo50+1.

For the sid distribution the problems have been fixed in version
1:1.4.7-4.

Please note that squeeze, the current testing distribution, does not
receive security updates in a timely manner, see the announcement mail
from the testing security team:
<http://lists.debian.org/debian-testing-security-announce/2008/12/msg00019.html>

Upgrade instructions

If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend pinning the backports repository to 200 so that new versions
of installed backports will be installed automatically:

Package: *
Pin: release a=etch-backports
Pin-Priority: 200
