On Thu, Sep 30, 2010 at 10:44:42AM +0900, Simon Horman wrote: >I received this through the Debian bug tracker. >Its not immediately clear to me what an appropriate fix would be.
The following diff shows how I fixed "qtparted: CVE-2010-3375: insecure
library loading" bug.
-export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH"
+LD_LIBRARY_PATH=$( echo "$LD_LIBRARY_PATH" | sed "s/\s//g" )
+if [ -n "$LD_LIBRARY_PATH" ]
+then
+ export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH"
+else
+ export LD_LIBRARY_PATH="$QTDIR/lib"
+fi
export PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH
Please note that if you also set PATH as above, you'll have to check
$PATH before adding it with ":$PATH" to PATH.
if $PATH is empty then ":$PATH" is equivalent to ":." and you don't want
to add "." to the path search.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

