On Tuesday, November 16, 2010 02:19:12 pm Moritz Muehlenhoff wrote:
> In gmane.linux.debian.devel.release, you wrote:
> >
> > On Mon, Oct 4, 2010 at 14:26:26 -0700, John Stamp wrote:
> >> Hello,
> >>
> >> Bug#598294: lastfm: CVE-2010-3362: insecure library loading also
> >> affects the version in stable. I notified the security team, but
> >> Moritz told me that this does not warrant a DSA. He suggested
> >> that I instead get this fixed through a stable point update.
> >>
> >> The proposed diff is below:
> >>
> >> diff --git a/debian/changelog b/debian/changelog
> >> index 857c175..dce2413 100644
> >> --- a/debian/changelog
> >> +++ b/debian/changelog
> >> @@ -1,3 +1,9 @@
> >> +lastfm (1:1.5.1.31879.dfsg-1+lenny1) stable-security;
> >> urgency=3Dhigh +
> >> + * Fix CVE-2010-3362: insecure library loading
> >> +
> >> + -- John Stamp <[email protected]> Thu, 30 Sep 2010
> >> 15:39:42=
> >>
> > -0700
> >
> >> +
> >>
> >> lastfm (1:1.5.1.31879.dfsg-1) unstable; urgency=3Dlow
> >>
> >> =20
> >>
> >> * New upstream.
> >>
> >> diff --git a/debian/lastfm.sh b/debian/lastfm.sh
> >> index 34a2487..aef3654 100644
> >> --- a/debian/lastfm.sh
> >> +++ b/debian/lastfm.sh
> >> @@ -1,5 +1,5 @@
> >>
> >> #!/bin/sh
> >>
> >> =20
> >>
> >> RUNDIR=3D"/usr/lib/lastfm"
> >>
> >> -export LD_LIBRARY_PATH=3D"${RUNDIR}:${LD_LIBRARY_PATH}"
> >> +export
> >> LD_LIBRARY_PATH=3D"${RUNDIR}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
> >> "
> >>
> >> exec "${RUNDIR}/last.fm" "$@"
> >>
> >> Is this OK to upload?
> >>
> > The changelog should say 'stable' rather than 'stable-security'.
> > Other than this, please go ahead.
>
> John,
> did you see the mail? You haven't uploaded a spu update yet.
>
> Cheers,
> Moritz

No I didn't, but that was my fault. It's now uploaded.

Regards,

John
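
Review bot: the new entry in the debian/changelog hunk does not reference the bug, so the upload will not close Bug#598294 automatically. Consider writing the item as "* Fix CVE-2010-3362: insecure library loading (Closes: #598294)".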
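
Review bot: in the debian/lastfm.sh hunk the replacement export only guards the case where LD_LIBRARY_PATH is unset or empty; a non-empty inherited value that itself has a leading, trailing or doubled colon is still appended verbatim, and that empty entry makes the loader search the current directory. If the wrapper does not need the caller's value, setting LD_LIBRARY_PATH="${RUNDIR}" alone would close that case too; otherwise a one-line comment above the export explaining why the ${VAR:+:$VAR} form is used would help keep the fix from being reverted later.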

