tags 598288 + pending
thanks

Dear maintainer,

I've prepared an NMU for ember (versioned as 0.5.7-1.1) and uploaded
it to mentors.d.n at the following address:

http://mentors.debian.net/debian/pool/main/e/ember/ember_0.5.7-1.1.dsc

Regards.

-- 
Etienne Millon
diff -u ember-0.5.7/debian/changelog ember-0.5.7/debian/changelog
--- ember-0.5.7/debian/changelog
+++ ember-0.5.7/debian/changelog
@@ -1,3 +1,12 @@
+ember (0.5.7-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * ember, ember.in
+    - Proper escape of LD_LIBRARY_PATH, fixes CVE-2010-3355 "insecure library
+      loading" (grave, security; Closes: #598288)
+
+ -- Etienne Millon <etienne.mil...@gmail.com>  Sun, 24 Oct 2010 17:40:16 +0200
+
 ember (0.5.7-1) unstable; urgency=low
 
   * New upstream release.
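Review bot: the new entry's "Proper escape of LD_LIBRARY_PATH" does not match what the fix does, since nothing is escaped. The change stops the wrapper from appending an empty element (a trailing colon) to LD_LIBRARY_PATH when the variable is unset or empty; an empty element makes the dynamic linker search the current directory. Suggest wording such as "Do not add an empty element to LD_LIBRARY_PATH when it is unset or empty", and naming debian/patches/cve-2010-3355.patch in the entry alongside ember and ember.in so the location of the change is clear from the changelog alone.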
only in patch2:
unchanged:
--- ember-0.5.7.orig/debian/patches/cve-2010-3355.patch
+++ ember-0.5.7/debian/patches/cve-2010-3355.patch
@@ -0,0 +1,28 @@
+diff -Nur -x '*.orig' -x '*~' ember-0.5.7//ember ember-0.5.7.new//ember
+--- ember-0.5.7//ember	2009-10-18 22:43:07.000000000 +0200
++++ ember-0.5.7.new//ember	2010-10-24 17:39:05.000000000 +0200
+@@ -56,8 +56,8 @@
+ datadir=${prefix}/share/ember
+ media_user_dir=${datadir}/media/user
+ 
+-LD_LIBRARY=$prefix/lib/ember:$LD_LIBRARY
+-LD_LIBRARY_PATH=$prefix/lib/ember:$LD_LIBRARY_PATH
++LD_LIBRARY=$prefix/lib/ember${LD_LIBRARY:+:$LD_LIBRARY}
++LD_LIBRARY_PATH=$prefix/lib/ember${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+ export LD_LIBRARY
+ export LD_LIBRARY_PATH
+ 
+diff -Nur -x '*.orig' -x '*~' ember-0.5.7//ember.in ember-0.5.7.new//ember.in
+--- ember-0.5.7//ember.in	2009-07-18 22:04:23.000000000 +0200
++++ ember-0.5.7.new//ember.in	2010-10-24 17:39:35.000000000 +0200
+@@ -56,8 +56,8 @@
+ datadir=${prefix}/share/ember
+ media_user_dir=${datadir}/media/user
+ 
+-LD_LIBRARY=$prefix/lib/ember:$LD_LIBRARY
+-LD_LIBRARY_PATH=$prefix/lib/ember:$LD_LIBRARY_PATH
++LD_LIBRARY=$prefix/lib/ember${LD_LIBRARY:+:$LD_LIBRARY}
++LD_LIBRARY_PATH=$prefix/lib/ember${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+ export LD_LIBRARY
+ export LD_LIBRARY_PATH
+ 
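Review bot: debian/patches/cve-2010-3355.patch starts directly at its "diff -Nur" line, so the patch file carries no description, author or bug reference of its own. Suggest a short header explaining that "$prefix/lib/ember:$LD_LIBRARY_PATH" leaves a trailing empty element when the variable is unset, that "${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" adds the colon and the old value only when the variable is set and non-empty, and pointing to #598288 and CVE-2010-3355. Separately, ember and ember.in receive the identical hunk; if ember is generated from ember.in during the build, it is worth confirming that the ember half is needed and still applies cleanly.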
