Viewing all changes in revision 24.
- Committer: Package Import Robot
- Date: 2012-02-14 10:38:34 UTC
- Revision ID: package-import@ubuntu.com-20120214103834-kz4uu6ymnz7uzp01
* SECURITY UPDATE: vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a
zero-length directory name in the LD_LIBRARY_PATH, which allows local users
to gain privileges via a Trojan horse shared library in the current working
directory. (LP: #930700)
- http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/24#debian/vdrleaktest
and
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/25#debian/vdrleaktest
- debian/vdrtestleak: changed to set LD_LIBRARY_PATH securely
- CVE-2010-3387
zero-length directory name in the LD_LIBRARY_PATH, which allows local users
to gain privileges via a Trojan horse shared library in the current working
directory. (LP: #930700)
- http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/24#debian/vdrleaktest
and
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/25#debian/vdrleaktest
- debian/vdrtestleak: changed to set LD_LIBRARY_PATH securely
- CVE-2010-3387
- files modified:
- debian/changelog
expand all
collapse all
added
removed
