On Tue, September 28, 2010 08:45, Aníbal Monsalve Salazar wrote:
> please unblock qtparted/0.4.5-8
>
> it fixes RC bug 598301 (CVE-2010-3375: insecure library loading)

Unfortunately, it also introduces another one:

> +--- a/data/run_qtparted.in   2005-07-07 06:54:36.000000000 +1000
> ++++ b/data/run_qtparted.in   2010-09-28 15:53:58.000000000 +1000
> +@@ -43,7 +43,13 @@
> +
> + # defines environment variables
> + export qtd...@path_qtdir@
> +-export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH"
> ++LD_LIBRARY_PATH=$( sed "s/\s//g" <<< "$LD_LIBRARY_PATH" )
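
Review bot: the added `LD_LIBRARY_PATH=$( sed "s/\s//g" <<< "$LD_LIBRARY_PATH" )` line uses two constructs that POSIX sh does not define: the `<<<` herestring and the `\s` escape in the sed expression, which is a GNU sed extension. Piping the value in, for example `printf '%s' "$LD_LIBRARY_PATH" | sed 's/[[:space:]]//g'` inside the command substitution, keeps the same whitespace stripping and runs under dash. The removed line carried `export` and the added line quoted here does not, so it is worth confirming that the part of the hunk not quoted here still exports the variable.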

run_qtparted is a /bin/sh script, but herestrings - "<<<" - are not part
of SUSv3, nor granted an exception in policy.  The above will fail if
/bin/sh points to dash.

Regards,

Adam

