Bug#657070: embedded library ltdl

Thomas Ries tries at gmx.net
Mon Jan 23 22:03:28 UTC 2012 

Hello Mark,

If by chance you (or any other Debian Maintainer) could provide me a
temporary user account on a Debian system (with osip2 & ltdl libraries
and GCC installed) I'll have a look at it and see if I can provide a fix.
I'm a bit reluctant to install a Debian here to use it one or twice a
year...

I'm using Centos5 for siproxd development/maintenance (currently with
libtool-ltdl-1.5.22), so it might be a version issue with libtool/ltdl.

Regards,
/Thomas


Mark Purcell wrote:
> Package: siproxd
> Version: 1:0.8.1-1
> Severity: important
> Tags: security upstream help
> 
> siproxd currently ships an embedded copy of the ltdl library.
> 
> The original version of ltdl shipped was vunerable to 
> 'CVE-2009-3736 local privlege esclation'
> 
> siproxd upstream (Thomas) have now upgraded the embedded copy of ltdl
> as a result siproxd is no longer vunerable to CVE-2009-3736.
> 
> The current version of siproxd in Debian Fixed in version siproxd/1:0.8.1-1.
> 
> However this Debian version is still using the embedded ltdl library, rather
> than the preferred system provided ltdl library.
> 
> Whilst siproxd does detect if a system ltdl library is available it does
> fail to build from source (FTBFS) with the error:
> 
> plugins.c:65: undefined reference to 'lt__PROGRAM__LTX_preloaded_symbols'
> 
> which has also been reported here:
> http://blog.gmane.org/gmane.network.siproxd/month=20110201
> 
> Assistance to fix this issue in the Debian package would be appreciated.
> 
> Mark
> 
> -- System Information:
> Debian Release: wheezy/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages siproxd depends on:
> ii  adduser     3.113
> ii  libc6       2.13-24
> ii  libosip2-7  3.6.0-2
> 
> siproxd recommends no packages.
> 
> Versions of packages siproxd suggests:
> ii  linphone  3.5.0-2
> 
> -- no debconf information
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20120123/02fdff85/attachment.pgp>

More information about the Pkg-voip-maintainers mailing list