> Vulnerable code follows:
>
> /usr/bin/cowbell line 4:
> export LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
The second part only adds a colon if LD_LIBRARY_PATH is empty, so this
whole line is insecure only if ${libdir} is empty (and in that case
LD_LIBRARY_PATH will start with a colon). However, the previous line
is :
> libdir="@prefix@/lib/cowbell"
So, I believe that this use is safe.
--
Etienne Millon
signature.asc
Description: Digital signature

