[Bug 897525] Re: Security Vulnerability Ember 0.5.7
Ubuntu Foundation's Bug Bot
897525 at bugs.launchpad.net
Wed Nov 30 04:12:39 UTC 2011
The attachment "ember_0.5.7-1ubuntu1.debdiff" of this bug report has
been identified as being a patch in the form of a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. In the event that this is in
fact not a patch you can resolve this situation by removing the tag
'patch' from the bug report and editing the attachment so that it is not
flagged as a patch. Additionally, if you are member of the ubuntu-
sponsors please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by
Brian Murray. Please contact him regarding any issues with the action
taken in this bug report.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/897525
Title:
Security Vulnerability Ember 0.5.7
Status in “ember” package in Ubuntu:
Confirmed
Bug description:
Ember 0.5.7 places a zero-length directory name in the
LD_LIBRARY_PATH, which allows local users to gain privileges via a
Trojan horse shared library in the current working directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ember/+bug/897525/+subscriptions
More information about the Ubuntu-sponsors
mailing list