Re: please unblock qtparted/0.4.5-8

To: "Aníbal Monsalve Salazar" <anibal@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: please unblock qtparted/0.4.5-8
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 28 Sep 2010 09:14:26 +0100
Message-id: <[🔎] 901341111e35ec797dd8b10653ccfec7.squirrel@adsl.funky-badger.org>
In-reply-to: <[🔎] 20100928074554.GB3229@master.debian.org>
References: <[🔎] 20100928074554.GB3229@master.debian.org>

On Tue, September 28, 2010 08:45, Aníbal Monsalve Salazar wrote:
> please unblock qtparted/0.4.5-8
>
> it fixes RC bug 598301 (CVE-2010-3375: insecure library loading)

Unfortunately, it also introduces another one:

> +--- a/data/run_qtparted.in	2005-07-07 06:54:36.000000000 +1000
> ++++ b/data/run_qtparted.in	2010-09-28 15:53:58.000000000 +1000
> +@@ -43,7 +43,13 @@
> +
> + # defines environment variables
> + export QTDIR=@PATH_QTDIR@
> +-export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH"
> ++LD_LIBRARY_PATH=$( sed "s/\s//g" <<< "$LD_LIBRARY_PATH" )

run_qtparted is a /bin/sh script, but herestrings - "<<<" - are not part
of SUSv3, nor granted an exception in policy.  The above will fail if
/bin/sh points to dash.

Regards,

Adam

Reply to:

Follow-Ups:
- Re: please unblock qtparted/0.4.5-9
  - From: Aníbal Monsalve Salazar <anibal@debian.org>

References:
- please unblock qtparted/0.4.5-8
  - From: Aníbal Monsalve Salazar <anibal@debian.org>

Prev by Date: Re: please unblock libedit/2.11-20080614-2
Next by Date: Re: please unblock qtparted/0.4.5-9
Previous by thread: please unblock qtparted/0.4.5-8
Next by thread: Re: please unblock qtparted/0.4.5-9
Index(es):
- Date
- Thread