On Mon, Oct 4, 2010 at 14:26:26 -0700, John Stamp wrote: > Hello, > > Bug#598294: lastfm: CVE-2010-3362: insecure library loading also affects > the version in stable. I notified the security team, but Moritz told me > that this does not warrant a DSA. He suggested that I instead get this > fixed through a stable point update. > > The proposed diff is below: > > diff --git a/debian/changelog b/debian/changelog > index 857c175..dce2413 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,9 @@ > +lastfm (1:1.5.1.31879.dfsg-1+lenny1) stable-security; urgency=high > + > + * Fix CVE-2010-3362: insecure library loading > + > + -- John Stamp <jstamp@users.sourceforge.net> Thu, 30 Sep 2010 15:39:42 -0700 > + > lastfm (1:1.5.1.31879.dfsg-1) unstable; urgency=low > > * New upstream. > diff --git a/debian/lastfm.sh b/debian/lastfm.sh > index 34a2487..aef3654 100644 > --- a/debian/lastfm.sh > +++ b/debian/lastfm.sh > @@ -1,5 +1,5 @@ > #!/bin/sh > > RUNDIR="/usr/lib/lastfm" > -export LD_LIBRARY_PATH="${RUNDIR}:${LD_LIBRARY_PATH}" > +export LD_LIBRARY_PATH="${RUNDIR}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" > exec "${RUNDIR}/last.fm" "$@" > > Is this OK to upload? > The changelog should say 'stable' rather than 'stable-security'. Other than this, please go ahead. Cheers, Julien
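Review bot: In the debian/changelog hunk, the new entry names the CVE but says nothing about what was changed or which bug it addresses. Suggest extending the line "* Fix CVE-2010-3362: insecure library loading" to mention that debian/lastfm.sh no longer leaves an empty element in LD_LIBRARY_PATH, and to reference Bug#598294 as cited at the top of the mail, so the stable changelog is self-explanatory without this thread.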
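Review bot: In the debian/lastfm.sh hunk, the new export line carries no comment explaining why the "${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" form is used, so a later cleanup could easily turn it back into the plain "${RUNDIR}:${LD_LIBRARY_PATH}" concatenation. Suggest a one-line comment above the export stating that an unset or empty LD_LIBRARY_PATH must not leave a trailing colon, because the dynamic loader treats an empty path element as the current working directory. The ":+" variant (with the colon) is the right choice here since it covers both the unset and the set-but-empty case.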