Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading

Tobias Grimm etobi at debian.org
Sat Oct 2 21:29:23 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julien Cristau wrote:

> LD_LIBRARY_PATH is colon-separated, though, not semicolon-separated, so
> LD_LIBRARY_PATH="/usr/lib/debug;$LD_LIBRARY_PATH" is broken, but not a
> security issue.  Besides, this looks like a debugging utility so I don't
> think it would warrant 'grave' severity even if the bug was there.

I have to agree, it's just a debugging tool to start VDR with valgrind
to check for memory leaks. I'm setting the severity to normal. If you feel
it's still a security issue that should be fixed in Squeeze, please let
me know.

Tobias
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkynpDMACgkQ9xgNJq7apkJQ6wCghs0LfZ70/F2zb2HSR3VRyj4x
/T0AmwSbcsD2xSC6tsWvtoJJ/vClCrnP
=9Y9K
-----END PGP SIGNATURE-----
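
An added example, not part of the original message and not code from the vdr package: a check for the condition behind "insecure library loading" reports of this kind, a zero-length LD_LIBRARY_PATH entry, together with a prepend helper that never creates one. It assumes the parsing documented in glibc's ld.so(8) (entries separated by colons or semicolons, a zero-length entry meaning the current working directory); the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# ld_path_has_cwd VALUE
# Return 0 if VALUE, read the way ld.so(8) documents LD_LIBRARY_PATH
# (entries separated by ':' or ';', zero-length entry = current working
# directory), contains a zero-length entry. An empty VALUE returns 1:
# there is no list to search at all.
ld_path_has_cwd() {
    [ -n "$1" ] || return 1
    # Normalise both documented separators to ':' before matching.
    v=$(printf '%s' "$1" | tr ';' ':')
    case "$v" in
        :*|*:|*::*) return 0 ;;   # leading, trailing or doubled separator
        *)          return 1 ;;
    esac
}

# ld_path_prepend DIR CURRENT
# Print DIR placed in front of CURRENT. The ${2:+:$2} expansion emits the
# separator only when CURRENT is non-empty, so an unset or empty
# LD_LIBRARY_PATH does not leave a trailing zero-length entry.
ld_path_prepend() {
    printf '%s\n' "$1${2:+:$2}"
}

# Constructed sample values: what a naive "DIR<sep>$LD_LIBRARY_PATH"
# produces when the variable was empty, and the result of the helper.
for v in "/usr/lib/debug:" "/usr/lib/debug;" \
         "$(ld_path_prepend /usr/lib/debug '')" \
         "$(ld_path_prepend /usr/lib/debug /opt/lib)"; do
    if ld_path_has_cwd "$v"; then
        echo "zero-length entry present: $v"
    else
        echo "no zero-length entry:      $v"
    fi
done
```

In a wrapper script the helper is used as `LD_LIBRARY_PATH=$(ld_path_prepend /usr/lib/debug "$LD_LIBRARY_PATH")`.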
