A new patchset is below.
debdiff tau_2.16.4-1.3.dsc tau_2.16.4-1.4.dsc | diffstat
debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff | 35 ++
tau-2.16.4/debian/changelog | 9 ++
tau-2.16.4/debian/patches/series
On Wed, Oct 06, 2010 at 01:40:51PM +0200, Julien Cristau wrote:
>This makes absolutely no sense. "$TAUROOT/$TAUARCH/lib/$thebinding" is
>not empty.
I know that.
I was talking about a general case where you have just one variable.
See the end of
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=59
On Wed, Oct 6, 2010 at 11:37:15 +, Aníbal Monsalve Salazar wrote:
> > Yay overengineering.
> >
> > What's wrong with a simple
> > export LD_LIBRARY_PATH="$TAUROOT/$TAUARCH/lib/$thebinding${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
> > ?
>
> In the general case where you have a $foo before
>
> Yay overengineering.
>
> What's wrong with a simple
> export LD_LIBRARY_PATH="$TAUROOT/$TAUARCH/lib/$thebinding${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
> ?
In the general case where you have a $foo before
${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
the result is not good if $foo is empty.
See for e
On Wed, Oct 6, 2010 at 10:43:08 +, Aníbal Monsalve Salazar wrote:
> +--- a/tools/src/tauex.in 2007-05-19 09:04:55.0 +1000
> b/tools/src/tauex.in 2010-10-06 19:03:38.0 +1100
> +@@ -194,7 +194,31 @@ for c in $Counters ; do
> + done
> +
> +
> +-export LD_LIBRARY_P
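Review bot: the header `@@ -194,7 +194,31 @@` grows this region of tools/src/tauex.in from 7 to 31 lines in order to replace the single removed `export LD_LIBRARY_P` line, which is a lot of new shell to audit in a security fix for one assignment. If the aim is to avoid an empty entry in the library search path when the variable was previously unset (the dynamic loader treats an empty entry as the current directory), a single export that appends the old value only when it is non-empty would be easier to review. Otherwise the patch description should say which additional case the extra lines handle.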
package tau
tags 598303 + patch
Processing commands for cont...@bugs.debian.org:
> package tau
Limiting to bugs with field 'package' containing at least one of 'tau'
Limit currently set to 'package':'tau'
> tags 598303 + patch
Bug #598303 [tau] tau: CVE-2010-3382: insecure library loading
Added tag(s) patch.
> stop
Stopping pro
Package: tau
Version: 2.16.4-1.3
Severity: grave
Tags: security
User: t...@security.debian.org
Usertags: ldpath
Hello,
During a review of the Debian archive, I've found your package to
contain a script that can be abused by an attacker to execute arbitrary
code.
The vulnerability is introduced b