[Pkg-mono-svn-commits] rev 3437 - in non-group/tomboy/trunk/debian: . patches

Sebastian Dröge slomo at alioth.debian.org
Wed Nov 14 04:36:52 UTC 2007


Author: slomo
Date: 2007-11-14 04:36:52 +0000 (Wed, 14 Nov 2007)
New Revision: 3437

Added:
   non-group/tomboy/trunk/debian/patches/02_CVE-2005-4790-insecure-search-path.patch
Modified:
   non-group/tomboy/trunk/debian/changelog
Log:
* debian/patches/02_CVE-2005-4790-insecure-search-path.patch:
  + SECURITY, CVE-2005-4790:
    Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and
    10.0, and possibly other distributions, cause the working directory to
    be added to LD_LIBRARY_PATH, which might allow local users to execute
    arbitrary code via (1) beagle, (2) tomboy, or (3) blam.
    NOTE: in August 2007, the tomboy vector was reported for other
    distributions.
    Patch taken from upstream SVN.

Modified: non-group/tomboy/trunk/debian/changelog
===================================================================
--- non-group/tomboy/trunk/debian/changelog	2007-11-11 11:19:31 UTC (rev 3436)
+++ non-group/tomboy/trunk/debian/changelog	2007-11-14 04:36:52 UTC (rev 3437)
@@ -1,3 +1,17 @@
+tomboy (0.8.1-2) unstable; urgency=high
+
+  * debian/patches/02_CVE-2005-4790-insecure-search-path.patch:
+    + SECURITY, CVE-2005-4790:
+      Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and
+      10.0, and possibly other distributions, cause the working directory to
+      be added to LD_LIBRARY_PATH, which might allow local users to execute
+      arbitrary code via (1) beagle, (2) tomboy, or (3) blam.
+      NOTE: in August 2007, the tomboy vector was reported for other
+      distributions.
+      Patch taken from upstream SVN.
+
+ -- Sebastian Dröge <slomo at debian.org>  Wed, 14 Nov 2007 05:34:45 +0100
+
 tomboy (0.8.1-1) unstable; urgency=low
 
   * New upstream bugfix release, with many translation updates.
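Review bot: The new 0.8.1-2 entry repeats the CVE description but never says what the patch itself changes. Add a line stating that the tomboy and tomboy-panel wrapper scripts no longer append an empty element to LD_LIBRARY_PATH when the variable is unset, so a reader of the changelog can tell how the issue was addressed without opening the patch.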

Added: non-group/tomboy/trunk/debian/patches/02_CVE-2005-4790-insecure-search-path.patch
===================================================================
--- non-group/tomboy/trunk/debian/patches/02_CVE-2005-4790-insecure-search-path.patch	                        (rev 0)
+++ non-group/tomboy/trunk/debian/patches/02_CVE-2005-4790-insecure-search-path.patch	2007-11-14 04:36:52 UTC (rev 3437)
@@ -0,0 +1,37 @@
+Index: Tomboy/tomboy-panel.in
+===================================================================
+--- Tomboy/tomboy-panel.in	(revision 1611)
++++ Tomboy/tomboy-panel.in	(working copy)
+@@ -1,6 +1,6 @@
+-#!/bin/sh
++#!/bin/bash
+ 
+-export LD_LIBRARY_PATH="@pkglibdir@:$LD_LIBRARY_PATH"
++export LD_LIBRARY_PATH="@pkglibdir@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"
+ export MONO_PATH=$MONO_PATH:@pkglibdir@:@pkglibdir@/addins
+ export TOMBOY_WRAPPER_PATH="@bindir@/@wrapper@"
+ 
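Review bot: In the new `export LD_LIBRARY_PATH="@pkglibdir@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"` line, `+` only tests whether the variable is set, so a set-but-empty LD_LIBRARY_PATH still produces `@pkglibdir@:` with a trailing empty element, which the dynamic loader treats as the current directory. `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` covers both the unset and the empty case. Either expansion is POSIX sh, so the `#!/bin/sh` to `#!/bin/bash` change is not needed for it.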
+Index: Tomboy/tomboy.in
+===================================================================
+--- Tomboy/tomboy.in	(revision 1611)
++++ Tomboy/tomboy.in	(working copy)
+@@ -1,15 +1,15 @@
+-#!/bin/sh
++#!/bin/bash
+ 
+ if [ "x$PWD" = "x at srcdir@" ] ; then
+     echo "*** Running uninstalled @target@ ***"
+ 
+-    export LD_LIBRARY_PATH="../libtomboy/.libs:$LD_LIBRARY_PATH:./Addins/PrintNotes/.libs"
++    export LD_LIBRARY_PATH="../libtomboy/.libs${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}:./Addins/PrintNotes/.libs"
+     export TOMBOY_WRAPPER_PATH="$PWD/@wrapper@"
+     export MONO_PATH=$MONO_PATH:./Addins:../Mono.Addins/Mono.Addins:../Mono.Addins/Mono.Addins.Setup:../Mono.Addins/Mono.Addins.Gui
+ 
+     THIS_EXE="--debug ./@target@"
+ else
+-    export LD_LIBRARY_PATH="@pkglibdir@:$LD_LIBRARY_PATH"
++    export LD_LIBRARY_PATH="@pkglibdir@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"
+     export MONO_PATH=$MONO_PATH:@pkglibdir@:@pkglibdir@/addins
+     export TOMBOY_WRAPPER_PATH="@bindir@/@wrapper@"
+ 
+
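Review bot: The MONO_PATH lines in both branches are left as `export MONO_PATH=$MONO_PATH:...`, which starts with an empty element whenever MONO_PATH is unset, the same pattern this patch removes from LD_LIBRARY_PATH. It is worth confirming how Mono treats an empty MONO_PATH entry and, if it is not ignored, writing `${MONO_PATH:+$MONO_PATH:}` there. The uninstalled branch also keeps the relative entries `../libtomboy/.libs` and `./Addins/PrintNotes/.libs`; they are only reached when $PWD matches the source directory, but a comment saying so would help.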




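The search-path problem described in the log, as an added example that is not part of the commit or of Tomboy's code: it builds the exported value the way the original and patched wrappers do, plus a `:+` variant, and audits each result for elements the loader resolves against the working directory. `PKGLIBDIR`, `build` and `has_cwd_entry` are names made up for this sketch, and `/usr/lib/tomboy` is a constructed stand-in for `@pkglibdir@`.

```shell
#!/bin/sh
# Added example; names and the PKGLIBDIR value are constructed for illustration.
PKGLIBDIR=/usr/lib/tomboy

# has_cwd_entry PATHLIST
# Succeeds if PATHLIST has an empty element (leading, trailing or doubled ':'),
# which ld.so reads as the current directory, or a relative element.
has_cwd_entry() (
    case "$1" in
        "")          exit 1 ;;   # nothing to audit
        :*|*:|*::*)  exit 0 ;;   # empty element
    esac
    IFS=:; set -f                # split on ':' without globbing (subshell only)
    for dir in $1; do
        case "$dir" in /*) ;; *) exit 0 ;; esac   # not absolute: relative to cwd
    done
    exit 1
)

# build FORM STATE [VALUE]: print what a wrapper would export.
#   FORM:  original | patched | colon_plus
#   STATE: unset | set   (VALUE may be the empty string)
build() (
    unset LD_LIBRARY_PATH
    if [ "$2" = set ]; then LD_LIBRARY_PATH=$3; fi
    case "$1" in
        original)   printf '%s\n' "$PKGLIBDIR:$LD_LIBRARY_PATH" ;;
        patched)    printf '%s\n' "$PKGLIBDIR${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}" ;;
        colon_plus) printf '%s\n' "$PKGLIBDIR${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" ;;
    esac
)

# Compare the forms for an unset and a set-but-empty LD_LIBRARY_PATH.
for form in original patched colon_plus; do
    for state in unset set; do
        value=$(build "$form" "$state" "")
        if has_cwd_entry "$value"; then verdict="searches cwd"; else verdict="ok"; fi
        printf '%-10s %-5s %-18s %s\n' "$form" "$state" "$value" "$verdict"
    done
done
```
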