#introduces a security hole allowing access to the accounts of users who use the package severity 495770 grave
tags 495770 +patch thanks I have prepared a patch to debian/rules which fixes the issue by removing the rpath from all binaries in that directory. there is also some code in debian/rules which seems to turn lintain results from the previous build into lintain overrides. This means that afacit if someone builds a package more than once (as is quite normal) then every lintain issue will get overridden! I have diabled this code in my diff. <mailto:[EMAIL PROTECTED]>
Only in marble-0.6+svn837399/data/mwdbii: PISLAND.PNT.orig Only in marble-0.6+svn837399/data/mwdbii: PLAKE.PNT.orig diff -ur marble-0.6+svn837399/debian/rules marble-0.6+svn837399.new/debian/rules --- marble-0.6+svn837399/debian/rules 2008-08-20 20:45:30.000000000 +0000 +++ marble-0.6+svn837399.new/debian/rules 2008-08-20 20:27:15.000000000 +0000 @@ -68,11 +68,14 @@ common-install-prehook-arch:: install -m 644 $(CURDIR)/debian/globe.xpm $(CURDIR)/debian/marble/usr/share/pixmaps/globe.xpm -common-install-arch:: - install -D -m 644 $(CURDIR)/debian/marble.lintian $(CURDIR)/debian/marble/usr/share/lintian/overrides/marble +#common-install-arch:: +# install -D -m 644 $(CURDIR)/debian/marble.lintian $(CURDIR)/debian/marble/usr/share/lintian/overrides/marble -common-install-indep:: - install -D -m 644 $(CURDIR)/debian/marble-data.lintian $(CURDIR)/debian/marble-data/usr/share/lintian/overrides/marble-data +#common-install-indep:: +# install -D -m 644 $(CURDIR)/debian/marble-data.lintian $(CURDIR)/debian/marble-data/usr/share/lintian/overrides/marble-data common-binary-post-install-indep:: rm -f $(CURDIR)/debian/marble-data/usr/share/marble/data/LICENSE.txt + +common-binary-post-install-arch:: + chrpath -d debian/marble/usr/lib/marble/plugins/*