[Pkg-mono-svn-commits] rev 3437 - in non-group/tomboy/trunk/debian: . patches
Sebastian Dröge
slomo at alioth.debian.org
Wed Nov 14 04:36:52 UTC 2007
Author: slomo
Date: 2007-11-14 04:36:52 +0000 (Wed, 14 Nov 2007)
New Revision: 3437
Added:
non-group/tomboy/trunk/debian/patches/02_CVE-2005-4790-insecure-search-path.patch
Modified:
non-group/tomboy/trunk/debian/changelog
Log:
* debian/patches/02_CVE-2005-4790-insecure-search-path.patch:
+ SECURITY, CVE-2005-4790:
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and
10.0, and possibly other distributions, cause the working directory to
be added to LD_LIBRARY_PATH, which might allow local users to execute
arbitrary code via (1) beagle, (2) tomboy, or (3) blam.
NOTE: in August 2007, the tomboy vector was reported for other
distributions.
Patch taken from upstream SVN.
Modified: non-group/tomboy/trunk/debian/changelog
===================================================================
--- non-group/tomboy/trunk/debian/changelog 2007-11-11 11:19:31 UTC (rev 3436)
+++ non-group/tomboy/trunk/debian/changelog 2007-11-14 04:36:52 UTC (rev 3437)
@@ -1,3 +1,17 @@
+tomboy (0.8.1-2) unstable; urgency=high
+
+ * debian/patches/02_CVE-2005-4790-insecure-search-path.patch:
+ + SECURITY, CVE-2005-4790:
+ Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and
+ 10.0, and possibly other distributions, cause the working directory to
+ be added to LD_LIBRARY_PATH, which might allow local users to execute
+ arbitrary code via (1) beagle, (2) tomboy, or (3) blam.
+ NOTE: in August 2007, the tomboy vector was reported for other
+ distributions.
+ Patch taken from upstream SVN.
+
+ -- Sebastian Dröge <slomo at debian.org> Wed, 14 Nov 2007 05:34:45 +0100
+
tomboy (0.8.1-1) unstable; urgency=low
* New upstream bugfix release, with many translation updates.
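Review bot: The new 0.8.1-2 entry reproduces the CVE description but never says what the patch itself changes. A reader of the changelog cannot tell that the fix lives in the tomboy and tomboy-panel wrapper scripts, that LD_LIBRARY_PATH is now appended only when it is already set, or that the scripts' interpreter moves from /bin/sh to /bin/bash. A one-line summary of those changes would help. "Patch taken from upstream SVN" would also be more useful with the upstream revision named, and with a reference to the report behind the August 2007 note if one exists.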
Added: non-group/tomboy/trunk/debian/patches/02_CVE-2005-4790-insecure-search-path.patch
===================================================================
--- non-group/tomboy/trunk/debian/patches/02_CVE-2005-4790-insecure-search-path.patch (rev 0)
+++ non-group/tomboy/trunk/debian/patches/02_CVE-2005-4790-insecure-search-path.patch 2007-11-14 04:36:52 UTC (rev 3437)
@@ -0,0 +1,37 @@
+Index: Tomboy/tomboy-panel.in
+===================================================================
+--- Tomboy/tomboy-panel.in (revision 1611)
++++ Tomboy/tomboy-panel.in (working copy)
+@@ -1,6 +1,6 @@
+-#!/bin/sh
++#!/bin/bash
+
+-export LD_LIBRARY_PATH="@pkglibdir@:$LD_LIBRARY_PATH"
++export LD_LIBRARY_PATH="@pkglibdir@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"
+ export MONO_PATH=$MONO_PATH:@pkglibdir@:@pkglibdir@/addins
+ export TOMBOY_WRAPPER_PATH="@bindir@/@wrapper@"
+
+Index: Tomboy/tomboy.in
+===================================================================
+--- Tomboy/tomboy.in (revision 1611)
++++ Tomboy/tomboy.in (working copy)
+@@ -1,15 +1,15 @@
+-#!/bin/sh
++#!/bin/bash
+
+ if [ "x$PWD" = "x at srcdir@" ] ; then
+ echo "*** Running uninstalled @target@ ***"
+
+- export LD_LIBRARY_PATH="../libtomboy/.libs:$LD_LIBRARY_PATH:./Addins/PrintNotes/.libs"
++ export LD_LIBRARY_PATH="../libtomboy/.libs${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}:./Addins/PrintNotes/.libs"
+ export TOMBOY_WRAPPER_PATH="$PWD/@wrapper@"
+ export MONO_PATH=$MONO_PATH:./Addins:../Mono.Addins/Mono.Addins:../Mono.Addins/Mono.Addins.Setup:../Mono.Addins/Mono.Addins.Gui
+
+ THIS_EXE="--debug ./@target@"
+ else
+- export LD_LIBRARY_PATH="@pkglibdir@:$LD_LIBRARY_PATH"
++ export LD_LIBRARY_PATH="@pkglibdir@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"
+ export MONO_PATH=$MONO_PATH:@pkglibdir@:@pkglibdir@/addins
+ export TOMBOY_WRAPPER_PATH="@bindir@/@wrapper@"
+
+
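Review bot: In all three LD_LIBRARY_PATH exports (tomboy-panel.in and both branches of tomboy.in), the expansion `${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}` tests only whether the variable is set, not whether it is non-empty. A set-but-empty LD_LIBRARY_PATH therefore still produces `@pkglibdir@:` with a trailing empty entry, which the dynamic loader reads as the current directory. Using `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` covers both the unset and the empty case. The untouched context lines `export MONO_PATH=$MONO_PATH:@pkglibdir@:...` keep the same shape and begin with an empty entry whenever MONO_PATH is unset, so it is worth confirming how Mono treats that and applying the same guard there. The switch from `#!/bin/sh` to `#!/bin/bash` looks unnecessary, since this form of parameter expansion is POSIX sh.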