Please unblock tau/2.16.4-1.4.
The debdiff is below.
debdiff tau_2.16.4-1.3.dsc tau_2.16.4-1.4.dsc | diffstat
 debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff | 35 ++
 tau-2.16.4/debian/changelog | 9 ++
 tau-2.16.4/debian/patches/series | 1
 3 files changed, 45 insertions(+)
debdiff tau_2.16.4-1.3.dsc tau_2.16.4-1.4.dsc
diff -u tau-2.16.4/debian/changelog tau-2.16.4/debian/changelog
--- tau-2.16.4/debian/changelog
+++ tau-2.16.4/debian/changelog
@@ -1,3 +1,12 @@
+tau (2.16.4-1.4) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix CVE-2010-3382 insecure library loading
+Add debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
+Closes: 598303
+
+ -- Anibal Monsalve Salazar ani...@debian.org Wed, 06 Oct 2010 20:55:41
+1100
+
tau (2.16.4-1.3) unstable; urgency=low
* Non-maintainer upload
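Review bot: The new entry's header line sets urgency=low even though the upload fixes CVE-2010-3382; since urgency also determines how long the package waits before migrating to testing, urgency=medium or high would be the usual choice for a security fix. The closing line is written "Closes: 598303", where the conventional form is "Closes: #598303".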
diff -u tau-2.16.4/debian/patches/series tau-2.16.4/debian/patches/series
--- tau-2.16.4/debian/patches/series
+++ tau-2.16.4/debian/patches/series
@@ -6,0 +7 @@
+06-598303-CVE-2010-3382-insecure-library-loading.diff
only in patch2:
unchanged:
---
tau-2.16.4.orig/debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
+++
tau-2.16.4/debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
@@ -0,0 +1,35 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3382
+http://security-tracker.debian.org/tracker/CVE-2010-3382
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303
+
+Raphael Geissert have found that this package contains a script that
+can be abused by an attacker to execute arbitrary code.
+
+The vulnerability is introduced by an insecure change to
+LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for
+libraries on a directory other than the standard paths.
+
+Vulnerable code follows:
+
+/usr/bin/tauex line 197:
+export LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding:$LD_LIBRARY_PATH
+
+When there's an empty item on the colon-separated list of
+LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
+If the given script is executed from a directory where a potential,
+local, attacker can write files to, there's a chance to exploit this
+bug.
+
+Patch by Julien Cristau jcris...@debian.org
+
+--- a/tools/src/tauex.in 2007-05-19 09:04:55.0 +1000
b/tools/src/tauex.in 2010-10-06 19:03:38.0 +1100
+@@ -194,7 +194,7 @@ for c in $Counters ; do
+ done
+
+
+-export LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding:$LD_LIBRARY_PATH
++export
LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+
+ if [ $verbose = true ] ; then
+ echo Matching bindings: $bindings
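Review bot: The replacement export line only removes the empty element that the old line produced when LD_LIBRARY_PATH was unset or empty; a non-empty inherited value is still appended unchanged, so a value that starts or ends with ":" or contains "::" keeps the current directory on the search path that the patch description warns about. If tauex should be robust against that as well, strip empty elements from the inherited value before appending it. The expansion is also unquoted; writing it as "$TAUROOT/$TAUARCH/lib/$theBinding${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" avoids depending on how the shell treats unquoted arguments to export.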