[Pkg-cli-apps-commits] [SCM] mistelix branch, master, updated. debian/0.31-1-4-ge653320

Siegfried-Angel Gevatter Pujals rainct at ubuntu.com
Wed Sep 29 11:04:02 UTC 2010


The following commit has been merged in the master branch:
commit e653320def18027ed2e6ccdeb836b36f35aedbb1
Author: Siegfried-Angel Gevatter Pujals <rainct at ubuntu.com>
Date:   Wed Sep 29 13:07:38 2010 +0200

    Fix insecure LD_LIBRARY_PATH setting (Closes: #598297). CVE-2010-3365.

diff --git a/debian/changelog b/debian/changelog
index 3bc4c7a..879a0ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,9 @@
-mistelix (0.31-2) UNRELEASED; urgency=low
+mistelix (0.31-2) unstable; urgency=high
 
-  * .....
+  * Fix insecure LD_LIBRARY_PATH setting (Closes: #598297).
+    CVE-2010-3365.
 
- -- Siegfried-Angel Gevatter Pujals <rainct at ubuntu.com>  Sat, 13 Feb 2010 13:23:11 +0100
+ -- Siegfried-Angel Gevatter Pujals <rainct at ubuntu.com>  Wed, 29 Sep 2010 12:58:25 +0200
 
 mistelix (0.31-1) unstable; urgency=low
 
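Review bot: The new 0.31-2 changelog entry states what was fixed but not where, so someone tracing CVE-2010-3365 has to read the diff to find the change. Consider naming the added patch (debian/patches/insecure-library-loading.patch) and the script it modifies (src/mistelix.in) in the entry.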
diff --git a/debian/patches/insecure-library-loading.patch b/debian/patches/insecure-library-loading.patch
new file mode 100644
index 0000000..d449544
--- /dev/null
+++ b/debian/patches/insecure-library-loading.patch
@@ -0,0 +1,15 @@
+## Description: Fix insecure LD_LIBRARY_PATH redefinition
+## Origin/Author: Siegfried-Angel Gevatter Pujals <rainct at ubuntu.com>
+## Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297
+diff -Nur -x '*.orig' -x '*~' mistelix//src/mistelix.in mistelix.new//src/mistelix.in
+--- mistelix//src/mistelix.in	2010-02-12 18:55:52.000000000 +0100
++++ mistelix.new//src/mistelix.in	2010-09-29 13:04:48.570000001 +0200
+@@ -5,7 +5,7 @@
+ libdir=@libdir@ 
+ 
+ export DYLD_LIBRARY_PATH=$libdir/mistelix/:$DYLD_LIBRARY_PATH
+-export LD_LIBRARY_PATH=$libdir/mistelix/:$LD_LIBRARY_PATH
++export LD_LIBRARY_PATH=$libdir/mistelix/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+ export GST_PLUGIN_PATH=$libdir/mistelix/gstreamer/:$GST_PLUGIN_PATH
+ 
+ MONO_EXE="$libdir/mistelix/mistelix.exe"
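Review bot: The `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` expansion is applied only to the LD_LIBRARY_PATH line, while the unchanged DYLD_LIBRARY_PATH and GST_PLUGIN_PATH exports directly above and below it still append `:$VAR` unconditionally and therefore end in an empty element whenever the variable is unset. For LD_LIBRARY_PATH that empty element is what makes the loader search the current directory, so it is worth confirming how an empty entry is treated for the other two and, for consistency, using the same form there, for example `export GST_PLUGIN_PATH=$libdir/mistelix/gstreamer/${GST_PLUGIN_PATH:+:$GST_PLUGIN_PATH}`. Separately, the only files this commit touches are debian/changelog and the new patch; if the package's patch system needs the patch listed in a series or 00list file, that entry is missing and the fix would not be applied at build time.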

-- 
mistelix


