On Sun, Dec 06, 2009 at 11:55:11PM -0500, Michael Gilbert wrote:
> Package: gnash
> Severity: grave
> Tags: security
>
> Hi,
>
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for libtool. I have determined that this package embeds a
> vulnerable copy of the libtool source code. However, since this is a
> mass bug filing (due to so many packages embedding libtool), I have not
> had time to determine whether the vulnerable code is actually present
> in any of the binary packages. Please determine whether this is the
> case. If the package is not affected, please feel free to close the bug
> with a message containing the details of what you did to check.
Gnash already has a Build-Depennds on the shared copy, but it appears
as if only the hppa build links against the system copy. I suppose
this needs to be configured explicitely by passing "--without-included-ltdl"
to the configure call.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
