lastfm 1.5.1.31879.dfsg-1+lenny1 stable update

To: debian-release@lists.debian.org
Subject: lastfm 1.5.1.31879.dfsg-1+lenny1 stable update
From: John Stamp <jstamp@users.sourceforge.net>
Date: Mon, 4 Oct 2010 14:26:26 -0700
Message-id: <[🔎] 20101004212626.GA2531@pintsize>

Hello,

Bug#598294: lastfm: CVE-2010-3362: insecure library loading also affects
the version in stable.  I notified the security team, but Moritz told me
that this does not warrant a DSA.  He suggested that I instead get this
fixed through a stable point update.

The proposed diff is below:

diff --git a/debian/changelog b/debian/changelog
index 857c175..dce2413 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+lastfm (1:1.5.1.31879.dfsg-1+lenny1) stable-security; urgency=high
+
+  * Fix CVE-2010-3362: insecure library loading
+
+ -- John Stamp <jstamp@users.sourceforge.net>  Thu, 30 Sep 2010 15:39:42 -0700
+
 lastfm (1:1.5.1.31879.dfsg-1) unstable; urgency=low
 
   * New upstream.
diff --git a/debian/lastfm.sh b/debian/lastfm.sh
index 34a2487..aef3654 100644
--- a/debian/lastfm.sh
+++ b/debian/lastfm.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
 
 RUNDIR="/usr/lib/lastfm"
-export LD_LIBRARY_PATH="${RUNDIR}:${LD_LIBRARY_PATH}"
+export LD_LIBRARY_PATH="${RUNDIR}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
 exec "${RUNDIR}/last.fm" "$@"

Is this OK to upload?

Regards,

John Stamp

Reply to:

Prev by Date: Bug#599123: marked as done (unblock: apr-util/1.3.9+dfsg-5)
Next by Date: Please unblock cheese 2.30.1-2
Previous by thread: Bug#599123: marked as done (unblock: apr-util/1.3.9+dfsg-5)
Next by thread: Please unblock cheese 2.30.1-2
Index(es):
- Date
- Thread