Hi, [ccing -cli too for information]
On Mon, Nov 29, 2010 at 07:38:41PM +0100, Moritz Muehlenhoff wrote:
On Mon, Nov 29, 2010 at 01:03:31PM +0000, Iain Lane wrote:

tags 605096 + pending
affects 605096 1.2.2-1
affects 605096 0.10.2-1
thanks

Hi,

On Sat, Nov 27, 2010 at 01:10:55PM +0100, Moritz Muehlenhoff wrote:
>Package: tomboy
>Severity: grave
>Tags: security
>
>
>Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4005
>for details and a patch. Please fix this for Squeeze with a targeted
>bugfix, not by packaging a full new upstream release.

Thanks, prepared for sid/squeeze in git.

Attached a diff.gz/dsc for lenny. Is this OK to upload?

The impact doesn't warrant a DSA. Please fix this through a stable point
update instead:
http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

OK.

@d-release SRMs, would you accept a stable update for tomboy (and then assumedly banshee which suffers from the same problem in unstable [not checked stable yet])? debdiff attached.

Regards,
Iain

diff -u tomboy-0.10.2/debian/changelog tomboy-0.10.2/debian/changelog --- tomboy-0.10.2/debian/changelog +++ tomboy-0.10.2/debian/changelog @@ -1,3 +1,14 @@ +tomboy (0.10.2-1+lenny1) stable-proposed-updates; urgency=high + + * Fix insecure LD_LIBRARY_PATH. A vulnerability existed where if + LD_LIBRARY_PATH were set but empty, a trailing : as a path separator would + still be appended to the path, exposing an insecure/invalid search path. + Using :+: instead of +: prevents this as ${X:+:$X} returns X iff X is set + and not empty whereas ${X+:$X} returns X iff X is set (it may be empty). + References: CVE-2010-4005 (Closes: #605096) + + -- Iain Lane <la...@ubuntu.com> Mon, 29 Nov 2010 12:23:34 +0000 + tomboy (0.10.2-1) unstable; urgency=low * New upstream bugfix release. only in patch2: unchanged: --- tomboy-0.10.2.orig/debian/patches/00_LD_LIBRARY_PATH_CVE-2010-4005.patch +++ tomboy-0.10.2/debian/patches/00_LD_LIBRARY_PATH_CVE-2010-4005.patch 
@@ -0,0 +1,39 @@ +Description: Fix unsafe LD_LIBRARY_PATH setting (CVE-2010-4005) +Author: Luis Medinas <lmedi...@gnome.org> +Origin: https://bugzilla.gnome.org/show_bug.cgi?id=635614 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605096 +Bug-Upstream: https://bugzilla.gnome.org/show_bug.cgi?id=635614 +Forwarded: not-needed + +Index: tomboy.git/Tomboy/tomboy.in +=================================================================== +--- tomboy.git.orig/Tomboy/tomboy.in 2010-11-29 01:10:11.170557627 +0000 ++++ tomboy.git/Tomboy/tomboy.in 2010-11-29 01:09:46.128629088 +0000 +@@ -3,13 +3,13 @@ + if [ "x$PWD" = "x...@srcdir@" ] ; then + echo "*** Running uninstalled @target@ ***" + +- export LD_LIBRARY_PATH="../libtomboy/.libs${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}:./Addins/PrintNotes/.libs" ++ export LD_LIBRARY_PATH="../libtomboy/.libs${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}:./Addins/PrintNotes/.libs" + export TOMBOY_WRAPPER_PATH="$PWD/@wrapper@" + export MONO_PATH=$MONO_PATH:./Addins:../Mono.Addins/Mono.Addins:../Mono.Addins/Mono.Addins.Setup:../Mono.Addins/Mono.Addins.Gui + + THIS_EXE="--debug ./@target@" + else +- export LD_LIBRARY_PATH="@pkglib...@${ld_library_path+:$LD_LIBRARY_PATH}" ++ export LD_LIBRARY_PATH="@pkglib...@${ld_library_path:+:$LD_LIBRARY_PATH}" + export MONO_PATH=$MONO_PATH:@pkglibdir@:@pkglibdir@/addins + export TOMBOY_WRAPPER_PATH="@bindir@/@wrapper@" + +Index: tomboy.git/Tomboy/tomboy-panel.in +=================================================================== +--- tomboy.git.orig/Tomboy/tomboy-panel.in 2010-11-29 01:10:10.770526817 +0000 ++++ tomboy.git/Tomboy/tomboy-panel.in 2010-11-29 01:10:00.929768958 +0000 +@@ -1,6 +1,6 @@ + #!/usr/bin/env bash + +-export LD_LIBRARY_PATH="@pkglib...@${ld_library_path+:$LD_LIBRARY_PATH}" ++export LD_LIBRARY_PATH="@pkglib...@${ld_library_path:+:$LD_LIBRARY_PATH}" + export MONO_PATH=$MONO_PATH:@pkglibdir@:@pkglibdir@/addins + export TOMBOY_WRAPPER_PATH="@bindir@/@wrapper@" + 
TOMBOY_CONFIG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/tomboy"
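Review bot: In the debian/changelog entry, the sentence "${X:+:$X} returns X iff X is set and not empty whereas ${X+:$X} returns X iff X is set" misstates the expansions: both yield ":$X" with the colon included, and the difference is that the + form still yields a bare ":" when X is set but empty. The stray colon is also not always trailing: in the first tomboy.in assignment it leaves an empty element in the middle ("../libtomboy/.libs::./Addins/PrintNotes/.libs"). Suggest rewording to say that an empty path element was left in LD_LIBRARY_PATH, which the dynamic loader treats as the current directory.
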
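Review bot: In the else branch of the Tomboy/tomboy.in hunk, the expansion as shown tests ld_library_path in lowercase but appends $LD_LIBRARY_PATH, while the uninstalled branch above it uses LD_LIBRARY_PATH for both. Shell variable names are case-sensitive, so with the name as written the inherited path would be appended only if a separate lowercase variable happened to be set. Please confirm the file being patched reads ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} there; the same spelling appears in the tomboy-panel.in hunk.
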
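Review bot: The context line "export MONO_PATH=$MONO_PATH:@pkglibdir@:@pkglibdir@/addins" in the Tomboy/tomboy-panel.in hunk (and the MONO_PATH lines in both branches of tomboy.in) keeps the pattern this patch removes from LD_LIBRARY_PATH: with MONO_PATH unset or empty the value starts with a bare ":", that is, a leading empty element. It is worth checking how Mono resolves an empty MONO_PATH entry and, if it matters, using ${MONO_PATH:+$MONO_PATH:} as the prefix so the separator is emitted only when there is something to separate.
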