Bug#601199: unblock: mono-debugger/2.6.3-2.1

To: Moritz Muehlenhoff <jmm@debian.org>, 601199@bugs.debian.org
Subject: Bug#601199: unblock: mono-debugger/2.6.3-2.1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 24 Oct 2010 15:12:46 +0100
Message-id: <[🔎] 1287929566.27210.1057.camel@hathi.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 601199@bugs.debian.org
In-reply-to: <[🔎] 20101024104014.2635.12619.reportbug@localhost.localdomain>
References: <[🔎] 20101024104014.2635.12619.reportbug@localhost.localdomain>

On Sun, 2010-10-24 at 12:40 +0200, Moritz Muehlenhoff wrote:
> Please unblock package mono-debugger. It fixes CVE-2010-3369.

I'm not really convinced about the utility of this:

++   tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )

The code is already using ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} to only
append LD_LIBRARY_PATH if it is non-empty, resolving the issue with the
script (adding empty items without the user realising).

If I want to explicitly add empty items to LD_LIBRARY_PATH before
calling the debugger, and potentially shoot myself badly in the foot,
should I not be permitted to do so?

Regards,

Adam

Reply to:

References:
- Bug#601199: unblock: mono-debugger/2.6.3-2.1
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Re: please unblock reprepro 4.2.0-2
Next by Date: Re: Security unblock requests
Previous by thread: Bug#601199: unblock: mono-debugger/2.6.3-2.1
Next by thread: Pre-approval for dblatex: fix for annoying #594601
Index(es):
- Date
- Thread