
request CVE for vdrtestleak



Hello everyone,

Recently I was looking at CVE-2010-3387 (for purposes of patching it downstream) and I glanced upon the discussion and the patch that had been proposed earlier - you can view them at [1].

As discussed earlier, I feel that the original issue was not a security issue as it had a ";" (semi-colon) in the LD_LIBRARY_PATH.

$ echo "/usr/lib/debug;$LD_LIBRARY_PATH"
/usr/lib/debug;

However, in the case of the patch, if LD_LIBRARY_PATH were not defined, you'd have :-

$ echo "/usr/lib/debug:${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
/usr/lib/debug:

and ld.so would treat the empty item as '.'


Cheers,
zm

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598308
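
Added example, not part of the original message: POSIX shell functions comparing the expansion quoted above with a form that emits the separating colon only when the inherited value is non-empty, plus a check for empty elements in the result. All function names and the /opt/lib sample value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, inputs are constructed.

# The expansion quoted in the message: a literal ':' plus a conditional ':'.
quoted_prepend() { printf '%s:%s\n' "$1" "${2:+:$2}"; }

# Colon emitted only when the inherited list is non-empty.
safe_prepend() { printf '%s%s\n' "$1" "${2:+:$2}"; }

# Succeeds if a colon-separated list has an empty element (leading, trailing
# or doubled colon), which ld.so resolves to the current working directory.
has_empty_element() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Drops empty elements from an inherited list before it is reused.
# Subshell body, so the IFS and globbing changes do not leak to the caller.
strip_empty_elements() (
    out=
    IFS=:
    set -f
    for elem in $1; do
        if [ -n "$elem" ]; then out="${out:+$out:}$elem"; fi
    done
    printf '%s\n' "$out"
)

# Constructed inputs: an unset/empty inherited value and a populated one.
for inherited in "" "/opt/lib"; do
    for fn in quoted_prepend safe_prepend; do
        result=$("$fn" /usr/lib/debug "$inherited")
        if has_empty_element "$result"; then
            verdict="empty element (cwd searched)"
        else
            verdict="ok"
        fi
        printf '%-15s inherited=%-11s -> %-25s %s\n' \
            "$fn" "'$inherited'" "$result" "$verdict"
    done
done
```

The quoted form leaves an empty element in both cases: a trailing colon when the variable is unset and a doubled colon when it is set.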

