[Bug 649991] [NEW] CVE-2010-3374: insecure library loading
Felix Geyer
debfx-pkg at fobos.de
Tue Sep 28 16:12:07 UTC 2010
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: qtcreator
>From http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms
> A vulnerability has been found in Qt Creator 2.0.0
> and previous versions. The vulnerability occurs because
> of an insecure manipulation of a Unix environment variable
> by the "qtcreator" shell script. It manifests by causing Qt or
> Qt Creator to attempt to load certain library names from the
> current working directory.
This is fixed by the following upstream commit:
http://qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4
** Affects: qtcreator (Ubuntu)
Importance: Undecided
Status: New
** Affects: qtcreator (Debian)
Importance: Unknown
Status: Unknown
** Visibility changed to: Public
** Bug watch added: Debian Bug tracker #598300
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598300
** Also affects: qtcreator (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598300
Importance: Unknown
Status: Unknown
--
CVE-2010-3374: insecure library loading
https://bugs.launchpad.net/bugs/649991
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qtcreator in ubuntu.
More information about the kubuntu-bugs
mailing list