Bug#657070: embedded library ltdl
Mark Purcell
mark at purcell.id.au
Mon Jan 23 21:21:31 UTC 2012
Package: siproxd
Version: 1:0.8.1-1
Severity: important
Tags: security upstream help
siproxd currently ships an embedded copy of the ltdl library.
The original version of ltdl shipped was vulnerable to
'CVE-2009-3736 local privilege escalation'.
siproxd upstream (Thomas) have now upgraded the embedded copy of ltdl;
as a result siproxd is no longer vulnerable to CVE-2009-3736.
The current version of siproxd in Debian Fixed in version siproxd/1:0.8.1-1.
However this Debian version is still using the embedded ltdl library, rather
than the preferred system provided ltdl library.
Whilst siproxd does detect if a system ltdl library is available it does
fail to build from source (FTBFS) with the error:
plugins.c:65: undefined reference to 'lt__PROGRAM__LTX_preloaded_symbols'
which has also been reported here:
http://blog.gmane.org/gmane.network.siproxd/month=20110201
Assistance to fix this issue in the Debian package would be appreciated.
Mark
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages siproxd depends on:
ii adduser 3.113
ii libc6 2.13-24
ii libosip2-7 3.6.0-2
siproxd recommends no packages.
Versions of packages siproxd suggests:
ii linphone 3.5.0-2
-- no debconf information
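
An added example, not part of the original bug report or of siproxd's packaging: a small audit script that flags a bundled libltdl in an unpacked source tree, both as copied sources and as Autoconf macros that wire a bundled copy into the build. The function names and the sample tree are hypothetical and constructed for illustration; they do not reflect siproxd's real layout.

```shell
#!/bin/sh
# Added example: flag a bundled (embedded) libltdl in a source tree.

# scan_embedded_ltdl DIR
#   Prints one finding per line; returns 1 if a bundled copy is found, else 0.
scan_embedded_ltdl() {
    src=$1
    found=0

    # Check 1: libltdl's own sources copied into the tree.
    hits=$(find "$src" -type f \( -name ltdl.c -o -name ltdl.h \) | sort)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/bundled-source: /'
        found=1
    fi

    # Check 2: Autoconf macros that wire a bundled libltdl into the build
    # (libtool 1.5 and libtool 2.x spellings).
    for cfg in "$src/configure.ac" "$src/configure.in"; do
        [ -f "$cfg" ] || continue
        hits=$(grep -nE 'AC_LIBLTDL_(CONVENIENCE|INSTALLABLE)|LT_CONFIG_LTDL_DIR' "$cfg" || true)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | while IFS= read -r line; do
                printf 'build-wiring: %s:%s\n' "$cfg" "$line"
            done
            found=1
        fi
    done

    return "$found"
}

# make_sample_tree DIR: constructed sample input (hypothetical layout).
make_sample_tree() {
    mkdir -p "$1/bundled/libltdl" "$1/clean/src"
    : > "$1/bundled/libltdl/ltdl.c"
    : > "$1/bundled/libltdl/ltdl.h"
    printf 'AC_INIT([demo],[0.1])\nAC_LIBLTDL_CONVENIENCE\n' > "$1/bundled/configure.in"
    : > "$1/clean/src/plugins.c"
    printf 'AC_INIT([demo],[0.1])\nAC_CHECK_LIB([ltdl],[lt_dlopen])\n' > "$1/clean/configure.in"
}

# Run against a real tree when a directory is given on the command line.
if [ $# -gt 0 ]; then scan_embedded_ltdl "$1"; fi
```

A non-zero exit status means a bundled copy was found, so the script can gate a packaging check; a hit only shows that a copy is present, not which libltdl version it is.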