tags 598288 + pending
thanks

Dear maintainer,

I've prepared an NMU for ember (versioned as 0.5.7-1.1) and uploaded it to mentors.d.n at the following address:

http://mentors.debian.net/debian/pool/main/e/ember/ember_0.5.7-1.1.dsc

Regards.

-- 
Etienne Millon

diff -u ember-0.5.7/debian/changelog ember-0.5.7/debian/changelog --- ember-0.5.7/debian/changelog +++ ember-0.5.7/debian/changelog @@ -1,3 +1,12 @@ +ember (0.5.7-1.1) unstable; urgency=high + + * Non-maintainer upload. + * ember, ember.in + - Proper escape of LD_LIBRARY_PATH, fixes CVE-2010-3355 "insecure library + loading" (grave, security; Closes: #598288) + + -- Etienne Millon <etienne.mil...@gmail.com> Sun, 24 Oct 2010 17:40:16 +0200 + ember (0.5.7-1) unstable; urgency=low * New upstream release. only in patch2: unchanged: --- ember-0.5.7.orig/debian/patches/cve-2010-3355.patch +++ ember-0.5.7/debian/patches/cve-2010-3355.patch @@ -0,0 +1,28 @@ +diff -Nur -x '*.orig' -x '*~' ember-0.5.7//ember ember-0.5.7.new//ember +--- ember-0.5.7//ember 2009-10-18 22:43:07.000000000 +0200 ++++ ember-0.5.7.new//ember 2010-10-24 17:39:05.000000000 +0200 +@@ -56,8 +56,8 @@ + datadir=${prefix}/share/ember + media_user_dir=${datadir}/media/user + +-LD_LIBRARY=$prefix/lib/ember:$LD_LIBRARY +-LD_LIBRARY_PATH=$prefix/lib/ember:$LD_LIBRARY_PATH ++LD_LIBRARY=$prefix/lib/ember${LD_LIBRARY:+:$LD_LIBRARY} ++LD_LIBRARY_PATH=$prefix/lib/ember${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} + export LD_LIBRARY + export LD_LIBRARY_PATH + +diff -Nur -x '*.orig' -x '*~' ember-0.5.7//ember.in ember-0.5.7.new//ember.in +--- ember-0.5.7//ember.in 2009-07-18 22:04:23.000000000 +0200 ++++ ember-0.5.7.new//ember.in 2010-10-24 17:39:35.000000000 +0200 +@@ -56,8 +56,8 @@ + datadir=${prefix}/share/ember + media_user_dir=${datadir}/media/user + +-LD_LIBRARY=$prefix/lib/ember:$LD_LIBRARY +-LD_LIBRARY_PATH=$prefix/lib/ember:$LD_LIBRARY_PATH ++LD_LIBRARY=$prefix/lib/ember${LD_LIBRARY:+:$LD_LIBRARY} ++LD_LIBRARY_PATH=$prefix/lib/ember${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} + export LD_LIBRARY + export LD_LIBRARY_PATH +
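
Review bot: The debian/changelog entry calls this a "proper escape" of LD_LIBRARY_PATH, but nothing in the patch is escaped; the change stops a trailing empty path element from being appended when the variable is unset or empty. Wording such as "do not add an empty element to LD_LIBRARY_PATH" would describe the fix more accurately. The debdiff also adds debian/patches/cve-2010-3355.patch without touching any series or list file, and the patch edits both ember and ember.in, so please confirm that the package's patch system applies every file in debian/patches and that ember is not regenerated from ember.in after the patch is applied.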
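
Review bot: In both the ember and ember.in hunks of cve-2010-3355.patch, LD_LIBRARY receives the same ${VAR:+:$VAR} treatment as LD_LIBRARY_PATH, but LD_LIBRARY is not a variable glibc's dynamic linker consults, so that assignment and its export could be dropped rather than patched. The LD_LIBRARY_PATH line is the one that matters: with the variable unset or empty, the old assignment ended in a bare ":" and the loader treats that empty element as the current directory. Note that :+ only covers the unset or empty case; a value inherited from the caller that already contains an empty element (a leading, trailing or doubled colon) is still appended unchanged, which is worth a short comment next to the assignment.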