[Pkg-cli-apps-commits] [SCM] tangerine branch, master, updated. debian/0.3.2.2-5-3-g066f843
Iain Lane
laney at ubuntu.com
Sun Oct 24 16:16:47 UTC 2010
The following commit has been merged in the master branch:
commit 7c5366d762c12750e4dc723bbbdc27a4132ede2d
Author: Iain Lane <laney at ubuntu.com>
Date: Sun Oct 24 17:01:36 2010 +0100
Fix security issue CVE-2010-3381 (insecure library loading)
Closes: 598302
Thanks: Etienne Millon <etienne.millon at gmail.com>
diff --git a/debian/patches/CVE-2010-3381-insecure-library-loading b/debian/patches/CVE-2010-3381-insecure-library-loading
new file mode 100644
index 0000000..d5beffc
--- /dev/null
+++ b/debian/patches/CVE-2010-3381-insecure-library-loading
@@ -0,0 +1,24 @@
+Index: tangerine.git/Tangerine.Daemon/tangerine.in
+===================================================================
+--- tangerine.git.orig/Tangerine.Daemon/tangerine.in 2010-10-24 16:58:40.074049837 +0100
++++ tangerine.git/Tangerine.Daemon/tangerine.in 2010-10-24 16:58:14.092044082 +0100
+@@ -4,7 +4,7 @@
+ libdir=@libdir@
+ includedir=@includedir@
+
+-export LD_LIBRARY_PATH=@libdir@/tangerine:$LD_LIBRARY_PATH
++export LD_LIBRARY_PATH=@libdir@/tangerine${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+ export MONO_PATH=$MONO_PATH:@BANSHEE_INDEXER_DLL@
+
+ if test "x$TANGERINE_DEBUG" != "x"; then \
+Index: tangerine.git/TangerineProperties/tangerine-properties.in
+===================================================================
+--- tangerine.git.orig/TangerineProperties/tangerine-properties.in 2010-10-24 16:58:39.834031305 +0100
++++ tangerine.git/TangerineProperties/tangerine-properties.in 2010-10-24 16:58:35.203673858 +0100
+@@ -5,5 +5,5 @@
+ libdir=@libdir@
+ includedir=@includedir@
+
+-export LD_LIBRARY_PATH=@libdir@/tangerine:$LD_LIBRARY_PATH
++export LD_LIBRARY_PATH=@libdir@/tangerine${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+ exec -a tangerine-properties mono @libdir@/tangerine/tangerine-properties.exe "$@"
diff --git a/debian/patches/series b/debian/patches/series
index 2b3fcc9..c5f125e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
kfreebsd_use_assemblyrefs_in_configure.ac.patch
+CVE-2010-3381-insecure-library-loading
--
tangerine
More information about the Pkg-cli-apps-commits
mailing list