Bug#605095: banshee: diff for NMU version 1.6.1-1.1

Thu, 02 Dec 2010 07:27:20 -0800 

tags 605095 + patch
tags 605095 + pending
thanks

Dear maintainer,

I've prepared an NMU for banshee (versioned as 1.6.1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.

diff -Nru banshee-1.6.1/debian/changelog banshee-1.6.1/debian/changelog
--- banshee-1.6.1/debian/changelog	2010-05-21 11:11:25.000000000 +0200
+++ banshee-1.6.1/debian/changelog	2010-12-02 16:09:55.000000000 +0100
@@ -1,3 +1,14 @@
+banshee (1.6.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Apply security fix for CVE-2010-3998 to fix insecure library loading
+    (Closes: #605095)
+  * Thanks to Moritz Muehlenhoff for the pointer and Vincent Danen for the
+    patch!
+  * Set urgency to high due to security related RC fix
+
+ -- Alexander Reichle-Schmehl <toli...@debian.org>  Thu, 02 Dec 2010 16:09:41 +0100
+
 banshee (1.6.1-1) unstable; urgency=low
 
   * New bugfix upstream release:
diff -Nru banshee-1.6.1/debian/patches/CVE-2010-3998.patch banshee-1.6.1/debian/patches/CVE-2010-3998.patch
--- banshee-1.6.1/debian/patches/CVE-2010-3998.patch	1970-01-01 01:00:00.000000000 +0100
+++ banshee-1.6.1/debian/patches/CVE-2010-3998.patch	2010-12-02 16:09:29.000000000 +0100
@@ -0,0 +1,13 @@
+--- a/src/Clients/Booter/banshee-1.linux.in
++++ b/src/Clients/Booter/banshee-1.linux.in
+@@ -7,8 +7,8 @@ MONO_EXE="@expanded_libdir@/@PACKAGE@/$e
+ BANSHEE_EXEC_NAME=$(basename $0)
+ BANSHEE_CONFIG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/banshee-1"
+ 
+-export ld_library_pa...@expanded_libdir@:@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
+-export gst_plugin_pa...@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH+:$GST_PLUGIN_PATH}
++export ld_library_pa...@expanded_libdir@:@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++export gst_plugin_pa...@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH:+:$GST_PLUGIN_PATH}
+ if [ $BANSHEE_EXEC_NAME = "muinshee" ]; then
+     BANSHEE_CLIENT="Muinshee"
+     export mono_pa...@expanded_libdir@/@PACKAGE@/Extensions
diff -Nru banshee-1.6.1/debian/patches/series banshee-1.6.1/debian/patches/series
--- banshee-1.6.1/debian/patches/series	2010-05-21 11:01:04.000000000 +0200
+++ banshee-1.6.1/debian/patches/series	2010-12-02 16:00:21.000000000 +0100
@@ -1 +1,2 @@
 99_ltmain_as-needed.patch
+CVE-2010-3998.patch

Reply via email to