On Tue, Sep 28, 2010 at 12:07:05PM +0200, Julien Cristau wrote:
> On Tue, Sep 28, 2010 at 09:25:48 +0000, Aníbal Monsalve Salazar wrote:
>
> > + export PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH
>
> So you put . in $PATH?
>
> Cheers,
> Julien

Sorry, I don't understand your comment. That particular line in
data/run_qtparted.in hasn't been touched.

According to CVE-2010-3375, an empty item in the colon-separated list of
LD_LIBRARY_PATH is treated as '.' by ld.so. Are you suggesting something
similar occurs with PATH? As far as I know, an empty item in PATH is not
treated as '.'.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3375
http://security-tracker.debian.org/tracker/CVE-2010-3375
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301
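
Review bot: in the quoted `+ export PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH` line, `$PATH` is appended unconditionally, so when PATH is unset or empty at that point the value ends in a colon, which is an empty last item; POSIX specifies that a zero-length entry in PATH stands for the current working directory. Suggest writing `${PATH:+:$PATH}` in place of `:$PATH`, so the separator is only added when PATH already has a value.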
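
The empty-item case the message cites from CVE-2010-3375, as an added shell example that is not part of the original message or of qtparted's script: `naive_prepend` shows how an unset variable leaves a trailing empty item, and `prepend_dir` builds the list without one. The function names, `SAMPLE_LIBPATH` and the directories are constructed for illustration.

```shell
#!/bin/sh
# Added example; SAMPLE_LIBPATH and /opt/sample/lib are constructed values.

# has_empty_item LIST
# Succeeds if the colon-separated LIST contains an empty item:
# a leading colon, a trailing colon, or two adjacent colons.
has_empty_item() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# naive_prepend DIR LIST
# The pattern "DIR:$VAR": when LIST is empty the result ends in ':'.
naive_prepend() {
    printf '%s:%s\n' "$1" "$2"
}

# prepend_dir DIR LIST
# Prints DIR followed by the non-empty items of LIST. Runs in a subshell
# (parenthesised body) so the IFS and noglob changes do not leak out.
prepend_dir() (
    out=$1
    IFS=:
    set -f
    for item in $2; do
        if [ -n "$item" ]; then
            out="$out:$item"
        fi
    done
    printf '%s\n' "$out"
)

# Demonstration with the variable unset, as in a fresh environment.
unset SAMPLE_LIBPATH
for candidate in \
    "$(naive_prepend /opt/sample/lib "${SAMPLE_LIBPATH-}")" \
    "$(prepend_dir /opt/sample/lib "${SAMPLE_LIBPATH-}")"
do
    if has_empty_item "$candidate"; then
        echo "empty item present: '$candidate'"
    else
        echo "no empty item:      '$candidate'"
    fi
done
```

`has_empty_item` can also be run over the value a wrapper script is about to export, as a check before the program is started.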