Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading
Jari Aalto
jari.aalto at cante.net
Mon Oct 18 10:26:24 UTC 2010
>> +LANG=C LD_LIBRARY_PATH="/usr/lib/debug:${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \
>> valgrind --tool=memcheck --leak-check=yes --num-callers=20 \
>
> [julien]
> This patch is broken. There's a superfluous `:' after /usr/lib/debug.
And I noticed that there is a bigger problem lurking:
(
LD_LIBRARY_PATH="::"
LD_LIBRARY_PATH="/usr/lib/debug:${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
echo $LD_LIBRARY_PATH
)
# /usr/lib/debug::::
Jari
More information about the pkg-vdr-dvb-devel
mailing list