OK, thanks for your work on this!
Looking at the debdiff, there are still a few issues:

1- Your patch doesn't actually fix the issue. If LD_LIBRARY is unset, it
will still add an empty element to the end of the list.

You need to do something like this:

    LD_LIBRARY=$prefix/lib/ember${LD_LIBRARY:+:$LD_LIBRARY}

and not:

    LD_LIBRARY=$prefix/lib/ember:${LD_LIBRARY:+:$LD_LIBRARY}

2- Please add the LP bug number to the end of your changelog, i.e.:

    SECURITY UPDATE: Zero length directory pathing vulnerability. (LP: #897525)

3- Please add patch tagging headers to the patch, i.e.:

    Description: fix zero length directory pathing vulnerability
    Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ember/+bug/897525

Thanks for working on this!
I am unsubscribing ubuntu-security-sponsors for now. Once you have
uploaded a debdiff that uses the package's patch system, please
resubscribe ubuntu-security-sponsors so it can get looked at. Thanks!
--
https://bugs.launchpad.net/bugs/897525
Title:
Security Vulnerability Ember 0.5.7
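
The difference between the two assignments quoted in the review above, as an added shell example that is not part of the original message or of the ember package. The function names and the sample prefixes are hypothetical, and the check assumes the list is consumed like a library search path, where a zero-length entry stands for the current working directory.

```shell
#!/bin/sh
# Added example (constructed): compares the two assignment forms from the
# review and checks each result for zero-length list elements.

# Form the reviewer rejects: a literal ':' precedes the conditional expansion.
# $1 = prefix, $2 = existing LD_LIBRARY value (omit to model "unset").
build_rejected() (
    if [ "$#" -ge 2 ]; then LD_LIBRARY=$2; else unset LD_LIBRARY; fi
    prefix=$1
    printf '%s\n' "$prefix/lib/ember:${LD_LIBRARY:+:$LD_LIBRARY}"
)

# Form the reviewer asks for: the ':' is emitted only when LD_LIBRARY is
# set and non-empty, because it lives inside the ${VAR:+...} expansion.
build_requested() (
    if [ "$#" -ge 2 ]; then LD_LIBRARY=$2; else unset LD_LIBRARY; fi
    prefix=$1
    printf '%s\n' "$prefix/lib/ember${LD_LIBRARY:+:$LD_LIBRARY}"
)

# Succeeds (status 0) when a colon-separated list has a zero-length element:
# an empty list, a leading ':', a trailing ':' or a '::' in the middle.
has_empty_element() {
    case "$1" in
        ''|:*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict for one generated list.
report() {
    if has_empty_element "$2"; then
        printf '%-28s %-28s EMPTY ELEMENT\n' "$1" "$2"
    else
        printf '%-28s %-28s ok\n' "$1" "$2"
    fi
}

# Constructed inputs: unset, empty string, and an already populated value.
report "rejected, unset"   "$(build_rejected /usr)"
report "rejected, empty"   "$(build_rejected /usr '')"
report "rejected, set"     "$(build_rejected /usr /opt/lib)"
report "requested, unset"  "$(build_requested /usr)"
report "requested, empty"  "$(build_requested /usr '')"
report "requested, set"    "$(build_requested /usr /opt/lib)"
```

The same `has_empty_element` check can be run against the value a wrapper script exports before the package is uploaded.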