[Pkg-cli-apps-commits] [SCM] Tomboy - desktop note taking program using Wiki style links branch, master, updated. debian/1.2.2-1-2-g421a362
Iain Lane
laney at ubuntu.com
Mon Nov 29 12:07:26 UTC 2010
The following commit has been merged in the master branch:
commit 421a362208c8d58b1dde7dea1cd0cf80b256c115
Author: Iain Lane <laney at ubuntu.com>
Date: Mon Nov 29 12:07:05 2010 +0000
Update changelog
diff --git a/debian/changelog b/debian/changelog
index bcfc4b8..5906ffc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+tomboy (1.2.2-2) UNRELEASED; urgency=high
+
+ * [fbe1c22] Fix insecure LD_LIBRARY_PATH. A vulnerability existed
+ where if LD_LIBRARY_PATH were set but empty, a trailing : as a path
+ separator would still be appended to the path, exposing an
+ insecure/invalid search path. GST_PLUGINS_PATH was similarly
+ vulnerable. Using :+: instead of +: prevents this as ${X:+:$X}
+ returns X iff X is set and not empty whereas ${X+:$X} returns X iff
+ X is set (it may be empty). References: CVE-2010-4005 (Closes:
+ #605096)
+
+ -- Iain Lane <laney at ubuntu.com> Mon, 29 Nov 2010 12:06:41 +0000
+
tomboy (1.2.2-1) unstable; urgency=low
* New upstream bugfix release 1.2.2:
--
Tomboy - desktop note taking program using Wiki style links
More information about the Pkg-cli-apps-commits
mailing list