Hi Moritz,
Am 30.11.2010 19:54, schrieb Moritz Muehlenhoff:
On Sat, Nov 13, 2010 at 11:33:57AM +1100, Silvio Cesare wrote:
Package: gnucash
Version: 2.2.6-2
Tags: security
Severity: important
> From CVE-2010-3999
"gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory
name in the LD_LIBRARY_PATH, which allows local users to gain privileges via
a Trojan horse shared library in the current working directory."
https://bugzilla.redhat.com/show_bug.cgi?id=644933
What's the status? Please get this fixed for Squeeze.
I've just uploaded a fix to unstable. I'll ask for a freeze exception
within in the next days.
Regards,
Micha
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
