severity 559824 minor severity 559837 minor tags 559824 + fixed pending tags 559837 + fixed pending thanks
It's very unlikely to exploit either parser3 or it's mysql-extension this way. If you have write access to the parser3 working directory - just edit auto.p (@conf method) to include additional SQL-extensions to be dlopen'ed ($SQL table): http://www.parser.ru/en/docs/lang/?parserconfmethod.htm Anyway, this minor fix is already in git repo. On Mon, Dec 7, 2009 at 8:02 AM, Michael Gilbert <michael.s.gilb...@gmail.com> wrote: > The following CVE (Common Vulnerabilities & Exposures) id was > published for libtool. I have determined that this package embeds a > vulnerable copy of the libtool source code. However, since this is a > mass bug filing (due to so many packages embedding libtool), I have not > had time to determine whether the vulnerable code is actually present > in any of the binary packages. Please determine whether this is the > case. If the binary packages are not affected, please feel free to close > the bug with a message containing the details of what you did to check. > > CVE-2009-3736[0]: > | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, > | attempts to open a .la file in the current working directory, which > | allows local users to gain privileges via a Trojan horse file. > > Note that this problem also affects etch and lenny, so if your package > is affected, please coordinate with the security team to release the > DSA for the affected packages. > > If you fix the vulnerability please also make sure to include the > CVE id in your changelog entry. > > For further information see: > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736 > http://security-tracker.debian.org/tracker/CVE-2009-3736 > > > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
