-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 29 Nov 2010 18:59:02 +0000 Source: tomboy Binary: tomboy Architecture: source amd64 Version: 1.2.2-2 Distribution: unstable Urgency: high Maintainer: Debian CLI Applications Team <pkg-cli-apps-team@lists.alioth.debian.org> Changed-By: Iain Lane <laney@ubuntu.com> Description: tomboy - desktop note taking program using Wiki style links Closes: 605096 Changes: tomboy (1.2.2-2) unstable; urgency=high . * [bc0695b] Fix insecure LD_LIBRARY_PATH. A vulnerability existed where if LD_LIBRARY_PATH were set but empty, a trailing : as a path separator would still be appended to the path, exposing an insecure/invalid search path. Using :+: instead of +: prevents this as ${X:+:$X} returns X iff X is set and not empty whereas ${X+:$X} returns X iff X is set (it may be empty). References: CVE-2010-4005 (Closes: #605096) Checksums-Sha1: a78cfda4f7fa09c340d45080a676ef7d5f2a3b70 2075 tomboy_1.2.2-2.dsc 036e581a38848d49f9deb899568c4881910fdfea 79713 tomboy_1.2.2-2.diff.gz c63010213e29d49bf144f7a0f93a7ff7ba828f7b 4345868 tomboy_1.2.2-2_amd64.deb Checksums-Sha256: f65256d1f8b6de74fb43a2a63b837777006a48a6c6df6697c7dd6a51f0876a52 2075 tomboy_1.2.2-2.dsc e2ffb32f2819d37e9d850cc20660c897c15de181e3d7cd88c32430cc8b2add72 79713 tomboy_1.2.2-2.diff.gz 444cc3349d2298dc16f92220aeb91719e1566a5b52e0c8568c7b97851a13d4fd 4345868 tomboy_1.2.2-2_amd64.deb Files: 52f5917d5faef062807dbd43cc21aac2 2075 gnome optional tomboy_1.2.2-2.dsc 5494f07699b0b09e728e07c22fe9e182 79713 gnome optional tomboy_1.2.2-2.diff.gz 6f5c258618171ad3465b0c1662534e99 4345868 gnome optional tomboy_1.2.2-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBCAAGBQJM9QAXAAoJEMkPnLkOH60MlTsH/2jq5BrMANNrDtC/ijOTAzYN XbofcvfSyacxFktKlzHeTQFVotFdXlHlyfdKbnLn7WZJgXMd9mSFJlhLcVBomEAq MegVqQ+20gYhxUhj5m4HLG0HN+9IHklK3s0bHFFFM0jtUpo9kAbJIrIj9xZAcTe3 YrfDZ4cpNEjN8vmAUQNenvCA7t/px/YMpFjLZzfPfDVL6NBaFyz+p+xRwzBZLXJw dup7c9M6wOhPoDPpCaG5NUxd8T6AM9Eouf420kJh3AIfBke+Ep1+a3BNqwQcDSPZ tFpjCqLzRq/mfCFGJfVTo1M1nvtrmWiBn62DLsS7F+KKC9sYQoS2GCnq/U8XnJU= =WhnN -----END PGP SIGNATURE----- Accepted: tomboy_1.2.2-2.diff.gz to main/t/tomboy/tomboy_1.2.2-2.diff.gz tomboy_1.2.2-2.dsc to main/t/tomboy/tomboy_1.2.2-2.dsc tomboy_1.2.2-2_amd64.deb to main/t/tomboy/tomboy_1.2.2-2_amd64.deb