On Sat, Nov 13, 2010 at 11:33:57AM +1100, Silvio Cesare wrote:
> Package: gnucash
> Version: 2.2.6-2
> Tags: security
> Severity: important
>
> >From CVE-2010-3999
>
> "gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory
> name in the LD_LIBRARY_PATH, which allows local users to gain privileges via
> a Trojan horse shared library in the current working directory."
>
> https://bugzilla.redhat.com/show_bug.cgi?id=644933
What's the status? Please get this fixed for Squeeze.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
