[Pkg-cli-apps-commits] [SCM] Tomboy - desktop note taking program using Wiki style links branch, master, updated. debian/1.2.2-1-2-gdc7864a

[Iain Lane]

The following commit has been merged in the master branch:
commit dc7864a56e98fcc0d1dc64e4fbf40a9808f8d330
Author: Iain Lane <laney at ubuntu.com>
Date:   Mon Nov 29 18:59:20 2010 +0000

    Update changelog

diff --git a/debian/changelog b/debian/changelog
index bcfc4b8..e761614 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+tomboy (1.2.2-2) UNRELEASED; urgency=high
+
+  * [bc0695b] Fix insecure LD_LIBRARY_PATH. A vulnerability existed
+    where if LD_LIBRARY_PATH were set but empty, a trailing : as a path
+    separator would still be appended to the path, exposing an
+    insecure/invalid search path. Using :+: instead of +: prevents this
+    as ${X:+:$X} returns X iff X is set and not empty whereas ${X+:$X}
+    returns X iff X is set (it may be empty). References: CVE-2010-4005
+    (Closes: #605096)
+
+ -- Iain Lane <laney at ubuntu.com>  Mon, 29 Nov 2010 18:59:02 +0000
+
 tomboy (1.2.2-1) unstable; urgency=low
 
   * New upstream bugfix release 1.2.2:

-- 
Tomboy - desktop note taking program using Wiki style links