** Summary changed: - CVE-2010-3349: insecure library loading + insecure library loading
** Description changed: Binary package hint: gxine When there's an empty item on the colon-separated list of LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.) If the given script is executed from a directory where a potential, local, attacker can write files to, there's a chance to exploit this bug. This bug affects at the very least several packages which use a wrapper around xulrunner in place of mozjs. + + This is similar to CVE-2010-3349 -- insecure library loading https://bugs.launchpad.net/bugs/650862 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
