Re: please unblock qtparted/0.4.5-8
On Tue, September 28, 2010 08:45, Aníbal Monsalve Salazar wrote:
> please unblock qtparted/0.4.5-8
>
> it fixes RC bug 598301 (CVE-2010-3375: insecure library loading)
Unfortunately, it also introduces another one:
> +--- a/data/run_qtparted.in 2005-07-07 06:54:36.000000000 +1000
> ++++ b/data/run_qtparted.in 2010-09-28 15:53:58.000000000 +1000
> +@@ -43,7 +43,13 @@
> +
> + # defines environment variables
> + export QTDIR=@PATH_QTDIR@
> +-export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH"
> ++LD_LIBRARY_PATH=$( sed "s/\s//g" <<< "$LD_LIBRARY_PATH" )
run_qtparted is a /bin/sh script, but herestrings - "<<<" - are not part
of SUSv3, nor granted an exception in policy. The above will fail if
/bin/sh points to dash.
Regards,
Adam
Reply to: