Re: lastfm 1.5.1.31879.dfsg-1+lenny1 stable update
In gmane.linux.debian.devel.release, you wrote:
>
> On Mon, Oct 4, 2010 at 14:26:26 -0700, John Stamp wrote:
>
>> Hello,
>>
>> Bug#598294: lastfm: CVE-2010-3362: insecure library loading also affects
>> the version in stable. I notified the security team, but Moritz told me
>> that this does not warrant a DSA. He suggested that I instead get this
>> fixed through a stable point update.
>>
>> The proposed diff is below:
>>
>> diff --git a/debian/changelog b/debian/changelog
>> index 857c175..dce2413 100644
>> --- a/debian/changelog
>> +++ b/debian/changelog
>> @@ -1,3 +1,9 @@
>> +lastfm (1:1.5.1.31879.dfsg-1+lenny1) stable-security; urgency=3Dhigh
>> +
>> + * Fix CVE-2010-3362: insecure library loading
>> +
>> + -- John Stamp <jstamp@users.sourceforge.net> Thu, 30 Sep 2010 15:39:42=
> -0700
>> +
>> lastfm (1:1.5.1.31879.dfsg-1) unstable; urgency=3Dlow
>> =20
>> * New upstream.
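Review bot: The distribution on the new changelog header line is stable-security, but the message above says this is going in as a stable point update rather than a DSA, so that field should read stable. The entry also does not reference the bug or say what was changed; something like "Fix CVE-2010-3362: insecure library loading in the lastfm wrapper script (Closes: #598294)" would tie the upload to Bug#598294 and to debian/lastfm.sh.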
>> diff --git a/debian/lastfm.sh b/debian/lastfm.sh
>> index 34a2487..aef3654 100644
>> --- a/debian/lastfm.sh
>> +++ b/debian/lastfm.sh
>> @@ -1,5 +1,5 @@
>> #!/bin/sh
>> =20
>> RUNDIR=3D"/usr/lib/lastfm"
>> -export LD_LIBRARY_PATH=3D"${RUNDIR}:${LD_LIBRARY_PATH}"
>> +export LD_LIBRARY_PATH=3D"${RUNDIR}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
>> exec "${RUNDIR}/last.fm" "$@"
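Review bot: On the added export line, the ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} expansion only drops the separator when the variable is unset or empty; an inherited value that already contains an empty entry (a leading or trailing colon, or "::") is appended unchanged, so an empty search-path element can still reach the loader. If that is considered out of scope because it comes from the caller's environment, say so in the changelog. Either way, a one-line comment above the export noting that an empty LD_LIBRARY_PATH entry is treated as the current directory would keep the expansion from being simplified back to the old form later.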
>>
>> Is this OK to upload?
>>
> The changelog should say 'stable' rather than 'stable-security'. Other
> than this, please go ahead.
John,
did you see the mail? You haven't uploaded a spu update yet.
Cheers,
Moritz