[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#601199: unblock: mono-debugger/2.6.3-2.1

On Sun, 2010-10-24 at 12:40 +0200, Moritz Muehlenhoff wrote:
> Please unblock package mono-debugger. It fixes CVE-2010-3369.

I'm not really convinced about the utility of this:

++   tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )

The code is already using ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} to only
append LD_LIBRARY_PATH if it is non-empty, resolving the issue with the
script (adding empty items without the user realising).

If I want to explicitly add empty items to LD_LIBRARY_PATH before
calling the debugger, and potentially shoot myself badly in the foot,
should I not be permitted to do so?



Reply to: