Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-10-19 Thread Simon Horman
On Tue, Oct 19, 2010 at 01:40:38PM +0300, Jari Aalto wrote:
> > Simon Horman writes:
> > It's unclear to me that this patch covers all cases.
> >
> > e.g.
> >
> > $ DIR_EXECUTABLE=/abc
> > $ LD_LIBRARY_PATH="::"
> > $ /bin/echo "$DIR_EXECUTABLE${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
> > /abc:::
> >

Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-10-19 Thread Jari Aalto
Simon Horman writes:
> It's unclear to me that this patch covers all cases.
>
> e.g.
>
> $ DIR_EXECUTABLE=/abc
> $ LD_LIBRARY_PATH="::"
> $ /bin/echo "$DIR_EXECUTABLE${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
> /abc:::
>
> Am I missing something?

Julien Cristau from the release team suggests that: IR

Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading (NMU update)

2010-10-18 Thread Jari Aalto
Slightly updated NMU proposal: adds path_clean() and sapinstance_path_clean()

lsdiff(1):
cluster-agents-1.0.3/debian/changelog
cluster-agents-1.0.3/debian/patches/CVE-2010-3389--bug598549.patch
cluster-agents-1.0.3/debian/patches/debian-changes-1:1.0.3-3.1
cluster-agents-1.0.3/deb

Bug#598549: [Linux-ha-dev] Fwd: [Debian-ha-maintainers] Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-10-01 Thread Aníbal Monsalve Salazar
On Sat, Oct 02, 2010 at 12:22:41AM +0900, Simon Horman wrote:
>On Fri, Oct 01, 2010 at 07:55:02PM +1000, Aníbal Monsalve Salazar wrote:
>>On Thu, Sep 30, 2010 at 10:44:42AM +0900, Simon Horman wrote:
>>>I received this through the Debian bug tracker.
>>>It's not immediately clear to me what an appro

Bug#598549: [Linux-ha-dev] Fwd: [Debian-ha-maintainers] Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-10-01 Thread Lars Ellenberg
Thu, 30 Sep 2010 00:36:56 +
> From: Raphael Geissert
> To: sub...@bugs.debian.org
> Subject: [Debian-ha-maintainers] Bug#598549: cluster-agents: CVE-2010-3389:
> insecure library loading
> Resent-From: Raphael Geissert
>
> Package: cluster-agents
> Version: 1:1.0.3

Bug#598549: [Linux-ha-dev] Fwd: [Debian-ha-maintainers] Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-10-01 Thread Simon Horman
On Fri, Oct 01, 2010 at 07:55:02PM +1000, Aníbal Monsalve Salazar wrote:
> On Thu, Sep 30, 2010 at 10:44:42AM +0900, Simon Horman wrote:
> >I received this through the Debian bug tracker.
> >It's not immediately clear to me what an appropriate fix would be.
>
> The following diff shows how I fixed

Bug#598549: [Linux-ha-dev] Fwd: [Debian-ha-maintainers] Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-10-01 Thread Aníbal Monsalve Salazar
On Thu, Sep 30, 2010 at 10:44:42AM +0900, Simon Horman wrote:
>I received this through the Debian bug tracker.
>It's not immediately clear to me what an appropriate fix would be.

The following diff shows how I fixed the "qtparted: CVE-2010-3375: insecure library loading" bug.

-export LD_LIBRARY_PATH="

Bug#598549: Fwd: [Debian-ha-maintainers] Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-09-29 Thread Simon Horman
[Debian-ha-maintainers] Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading
Resent-From: Raphael Geissert

Package: cluster-agents
Version: 1:1.0.3-3
Severity: important
Tags: security
User: t...@security.debian.org
Usertags: ldpath

Hello,

During a review of the Debian archive, I've

Bug#598549: [Debian-ha-maintainers] Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-09-29 Thread Simon Horman
Thanks, I will discuss getting this resolved with the upstream developers.

On Thu, Sep 30, 2010 at 12:36:56AM +, Raphael Geissert wrote:
> Package: cluster-agents
> Version: 1:1.0.3-3
> Severity: important
> Tags: security
> User: t...@security.debian.org
> Usertags: ldpath
>
> Hello,
>
> Du

Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading

2010-09-29 Thread Raphael Geissert
Package: cluster-agents
Version: 1:1.0.3-3
Severity: important
Tags: security
User: t...@security.debian.org
Usertags: ldpath

Hello,

During a review of the Debian archive, I've found your package to contain a script that can be abused by an attacker to execute arbitrary code. The vulnerability i