diff -u vdr-1.6.0/debian/vdrleaktest vdr-1.6.0/debian/vdrleaktest
--- vdr-1.6.0/debian/vdrleaktest
+++ vdr-1.6.0/debian/vdrleaktest
@@ -65,7 +65,7 @@
 /etc/init.d/vdr stop
-LANG=C LD_LIBRARY_PATH="/usr/lib/debug;$LD_LIBRARY_PATH" \
+LANG=C LD_LIBRARY_PATH="/usr/lib/debug${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \
 valgrind --tool=memcheck --leak-check=yes --num-callers=20 \
 --suppressions=/usr/share/vdr/valgrind.supp \
 /usr/bin/vdr-dbg -v $VIDEO_DIR -c $CFG_DIR -L $PLUGIN_DIR -r $REC_CMD \
diff -u vdr-1.6.0/debian/changelog vdr-1.6.0/debian/changelog
--- vdr-1.6.0/debian/changelog
+++ vdr-1.6.0/debian/changelog
@@ -1,3 +1,17 @@
+vdr (1.6.0-18ubuntu2) maverick; urgency=low
+
+ * SECURITY UPDATE: vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a
+ zero-length directory name in the LD_LIBRARY_PATH, which allows local users
+ to gain privileges via a Trojan horse shared library in the current working
+ directory. (LP: #930700)
+ - http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/24#debian/vdrleaktest
+ and
+ http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/25#debian/vdrleaktest
+ - debian/vdrtestleak: changed to set LD_LIBRARY_PATH securely
+ - CVE-2010-3387
+
+ -- Zubin Mithra Mon, 13 Feb 2012 15:47:50 +0530
+
 vdr (1.6.0-18ubuntu1) maverick; urgency=low
 * Merge from Debian Unstable (LP: #622181), remaining changes:
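Review bot: The new assignment in debian/vdrleaktest still appends the caller's LD_LIBRARY_PATH unchecked, so an inherited value that itself holds an empty or relative component (a leading, trailing or doubled colon) would still make the loader search the current working directory. The `:+` expansion only covers the case where the variable is unset or empty. Since the script stops the vdr service and so presumably runs as root, it would be safer not to inherit the variable at all, `LANG=C LD_LIBRARY_PATH=/usr/lib/debug \`; if inheritance is really needed, a comment such as `# ${VAR:+:$VAR} avoids an empty path entry, which the loader treats as the current directory (CVE-2010-3387)` above the line would keep it from being simplified back. The valgrind command continues past the end of the hunk.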