[ubuntu-mono] [Bug 658997] Re: please update from 0.3.4-1 to 0.3.4-1.1 from Debian (unstable)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Nov 4 15:25:05 GMT 2010
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
posting a debdiff for this issue. When a debdiff is available, members
of the security team will review it and publish the package. See the
following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3350
** Visibility changed to: Public
--
please update from 0.3.4-1 to 0.3.4-1.1 from Debian (unstable)
https://bugs.launchpad.net/bugs/658997
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is subscribed to bareftp in ubuntu.
Status in “bareftp” package in Ubuntu: New
Bug description:
Binary package hint: bareftp
There is a local exploit identified as release critical from Debian based on overriding LD_LIBRARY_PATH (http://bugs.debian.org/598284). We do not carry any patch for this package, and the only change from -1 to -1.1 is explicitly for this vulnerability. 0.3.4-1.1 does build on Maverick.
http://security-tracker.debian.org/tracker/CVE-2010-3350
More information about the Ubuntu-mono
mailing list