Hi all, It has come to my attention that a lot of maintainers are simply adding a build-depends on libltdl3-dev to try to solve this problem. This is not a sufficient solution since your package will still use the embedded libtool code copy. You need to add '--without-included-ltdl' to your configure arguments to do this right.
A verification, but not really a sufficient proof, is that 'ldd <your binaries>' shows that the system libtool is being used. On another note, if your package is affected in either stable or oldstable, it also must be fixed. The security team has determined that this issue is not sufficiently severe to warrant DSAs for the embedding packages, so instead, you should coordinate a proposed-update with the release team. Once you have fixed the problem in unstable (or even before that if you desire), please open new bugs for stable/oldstable to track the problem there (if your package is affected). Thank you for working on this issue. Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
