Bug#598305: teamspeak-server: NMU diff for 2.0.24.1+debian-1.1 (Intent to NMU)

Mon, 18 Oct 2010 11:06:21 -0700 

Dear maintainer,

Here is the NMU diff according to DevRef 5.11.1[1][2] for bug: #598305.
See the debian/patches directory for the important fixes. Feel free to
contact if you have any questions.

Thank you for maintaining the package,
Jari Aalto

[1] http://www.debian.org/doc/developers-reference/pkgs.html#nmu
[2] http://dep.debian.net/deps/dep1.html

lsdiff(1) of changes:

    teamspeak-server-2.0.24.1+debian/debian/changelog
    teamspeak-server-2.0.24.1+debian/debian/teamspeak-server.wrapper


diffstat for teamspeak-server_2.0.24.1+debian-1 teamspeak-server_2.0.24.1+debian-1.1

 changelog                |   10 ++++++++++
 teamspeak-server.wrapper |   18 ++++++++++++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)

diff -u teamspeak-server-2.0.24.1+debian/debian/changelog teamspeak-server-2.0.24.1+debian/debian/changelog
--- teamspeak-server-2.0.24.1+debian/debian/changelog
+++ teamspeak-server-2.0.24.1+debian/debian/changelog
@@ -1,3 +1,13 @@
+teamspeak-server (2.0.24.1+debian-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/teamspeak-server.wrapper
+    - Fix CVE-2010-3383 nsecure library loading. Initial patch thanks to
+      Etienne Millon <etienne.mil...@gmail.com>. (grave, security;
+      Closes: #598305).
+
+ -- Jari Aalto <jari.aa...@cante.net>  Mon, 18 Oct 2010 20:58:51 +0300
+
 teamspeak-server (2.0.24.1+debian-1) unstable; urgency=low
 
   * New upstream release.
diff -u teamspeak-server-2.0.24.1+debian/debian/teamspeak-server.wrapper teamspeak-server-2.0.24.1+debian/debian/teamspeak-server.wrapper
--- teamspeak-server-2.0.24.1+debian/debian/teamspeak-server.wrapper
+++ teamspeak-server-2.0.24.1+debian/debian/teamspeak-server.wrapper
@@ -5,2 +5,16 @@
-export LD_LIBRARY_PATH=/usr/lib/teamspeak-server:$LD_LIBRARY_PATH
-/usr/lib/teamspeak-server/teamspeak-server.real $@
+Pathclean ()
+{
+   # Vulnerability fix for insecure path content
+   # Make sure "::", "^:" or ":$" is not left in path arg $1
+
+   local tmp
+   tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
+
+   [ "$tmp" ] && echo "$tmp"
+}
+
+LD_LIBRARY_PATH=/usr/lib/teamspeak-server${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+LD_LIBRARY_PATH=$(Pathclean "$LD_LIBRARY_PATH")
+export LD_LIBRARY_PATH
+
+/usr/lib/teamspeak-server/teamspeak-server.real "$@"

Reply via email to