Hello, Bug#598294: lastfm: CVE-2010-3362: insecure library loading also affects the version in stable. I notified the security team, but Moritz told me that this does not warrant a DSA. He suggested that I instead get this fixed through a stable point update.
The proposed diff is below:

diff --git a/debian/changelog b/debian/changelog index 857c175..dce2413 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +lastfm (1:1.5.1.31879.dfsg-1+lenny1) stable-security; urgency=high + + * Fix CVE-2010-3362: insecure library loading + + -- John Stamp <jst...@users.sourceforge.net> Thu, 30 Sep 2010 15:39:42 -0700 + lastfm (1:1.5.1.31879.dfsg-1) unstable; urgency=low * New upstream. diff --git a/debian/lastfm.sh b/debian/lastfm.sh index 34a2487..aef3654 100644 --- a/debian/lastfm.sh +++ b/debian/lastfm.sh @@ -1,5 +1,5 @@ #!/bin/sh RUNDIR="/usr/lib/lastfm" -export LD_LIBRARY_PATH="${RUNDIR}:${LD_LIBRARY_PATH}" +export LD_LIBRARY_PATH="${RUNDIR}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" exec "${RUNDIR}/last.fm" "$@"

Is this OK to upload?

Regards,
John Stamp
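
Review bot: in the debian/changelog hunk, the new entry targets `stable-security`, but the cover message says the security team declined a DSA and the fix is to go in through a stable point update; the distribution field should name the stable suite so the changelog matches that route. The entry also does not reference the bug it fixes; adding `(Closes: #598294)` to the `Fix CVE-2010-3362` line would tie the upload to the report.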
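
Review bot: the replacement `export LD_LIBRARY_PATH=` line in the debian/lastfm.sh hunk carries no comment saying why the `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` form is needed, so a later cleanup could put the plain `:${LD_LIBRARY_PATH}` back. A one-line comment above it would help: with the variable unset or empty, the old line ended in a colon, and the dynamic loader treats that empty element as the current directory. The guard only covers the unset or empty case; a value inherited from the caller that itself contains an empty element (a leading or trailing colon, or `::`) is still appended unchanged.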