-
Committer:
Package Import Robot
-
Author(s):
Zubin Mithra
-
Date:
2012-02-14 10:38:34 UTC
-
Revision ID:
package-import@ubuntu.com-20120214103834-kz4uu6ymnz7uzp01
Tags: 1.6.0-18ubuntu1.1
* SECURITY UPDATE: vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a
zero-length directory name in the LD_LIBRARY_PATH, which allows local users
to gain privileges via a Trojan horse shared library in the current working
directory. (LP: #930700)
- http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/24#debian/vdrleaktest
and
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/25#debian/vdrleaktest
- debian/vdrtestleak: changed to set LD_LIBRARY_PATH securely
- CVE-2010-3387