After discussing it with other members of the Ubuntu Security Team, I still believe this does not warrant an addition CVE number, as the buggy version only made it into the Debian and Ubuntu archives briefly and were not included in any formal released version.
However, if you disagree with this opinion, you can always ask for a CVE assignment on the oss-security email list http://oss- security.openwall.org/wiki/mailing-lists/oss-security . Either way, any proposed fix to vdr should include both commits that I listed above. ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930700 Title: vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vdr/+bug/930700/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
