Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0
cause the working directory to be added to LD_LIBRARY_PATH, which might allow
local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.
This bug is for blam.
I'll attach a patch for this; please coordinate the inclusion upstream and apply it in the ebuild.
Created attachment 136557
Any news here?
Maintainers, please apply the attached patch. Otherwise we will have to bump the package ourselves or apply a p.mask.
Created attachment 140433
The patch above was the wrong file, sorry.
*blam-1.8.4 (08 Jan 2008)
08 Jan 2008; Robert Buchholz <email@example.com>
Version bump by security for untrusted search path vulnerability
(CVE-2005-4790, bug #199841). Cleaning up old patches.
Arches, please test and mark stable net-news/blam-1.8.4.
Target keywords : "amd64 ppc x86"
*** Bug 187283 has been marked as a duplicate of this bug. ***
GLSA request filed.
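
The failure mode named in the CVE description at the top of this report, shown as an added example that is not taken from this bug, the attached patches or the blam sources. It assumes the usual launcher-script pattern of prepending a private library directory to LD_LIBRARY_PATH; the function names and the /usr/lib/blam path are hypothetical.

```shell
#!/bin/sh
# Added example; not taken from the blam launcher or the attached patch.
# glibc's loader treats an empty LD_LIBRARY_PATH entry (leading, trailing or
# doubled colon) as the current working directory.

# The pattern assumed to be at fault: always append ":$old", even when empty.
unsafe_prepend() {
    printf '%s\n' "$1:$2"
}

# Hardened form: add the separator only when the old value is non-empty.
prepend_dir() {
    printf '%s\n' "$1${2:+:$2}"
}

# Return 0 if list $1 has an entry the loader resolves against the working
# directory. Loader tokens such as $ORIGIN are not handled and count as relative.
has_cwd_entry() {
    list=$1
    [ -z "$list" ] && return 1      # empty variable: the loader ignores it
    case ":$list:" in
        *::*)     return 0 ;;       # empty entry
        *:[!/]*)  return 0 ;;       # relative entry such as "." or "lib"
    esac
    return 1
}

# Demo on constructed inputs: an unset/empty value and an existing value.
for current in "" "/opt/lib"; do
    for fn in unsafe_prepend prepend_dir; do
        result=$($fn /usr/lib/blam "$current")
        if has_cwd_entry "$result"; then
            verdict="searches cwd"
        else
            verdict="ok"
        fi
        printf '%-15s old=%-10s -> %-24s %s\n' "$fn" "'$current'" "$result" "$verdict"
    done
done
```

Only the unsafe form with an empty starting value produces a trailing colon, which is why the problem shows up for users who have no LD_LIBRARY_PATH set.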