[ubuntu-mono] [Bug 658997] Re: please update from 0.3.4-1 to 0.3.4-1.1 from Debian (unstable)

[Launchpad Bug Tracker]

This bug was fixed in the package bareftp - 0.3.4-1ubuntu0.1

---------------
bareftp (0.3.4-1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: Insecure library loading (LP: #658997)
  - bareftp.in: make sure LD_LIBRARY_PATH is always set to bareftp's standard
    library path. Patch thanks to Stefan Ebner.
  - CVE-2010-3350
 -- Jamie Strandboge <jamie at ubuntu.com>   Thu, 16 Dec 2010 15:27:47 -0600

** Changed in: bareftp (Ubuntu Maverick)
       Status: Fix Committed => Fix Released

** Changed in: bareftp (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is subscribed to bareftp in ubuntu.
https://bugs.launchpad.net/bugs/658997

Title:
  please update from 0.3.4-1 to 0.3.4-1.1 from Debian (unstable)

Status in “bareftp” package in Ubuntu:
  Fix Released
Status in “bareftp” source package in Lucid:
  Fix Released
Status in “bareftp” source package in Maverick:
  Fix Released
Status in “bareftp” source package in Natty:
  Fix Released

Bug description:
  Binary package hint: bareftp

There is a local exploit identified as release critical from Debian based on overriding LD_LIBRARY_PATH (http://bugs.debian.org/598284).  We do not carry any patch for this package, and the only change from -1 to -1.1 is explicitly for this vulnerability.  0.3.4-1.1 does build on Maverick.

http://security-tracker.debian.org/tracker/CVE-2010-3350