Comment 3 for bug 930700

Steve Beattie (sbeattie) wrote :

Zubin,

*If* the patch you showed had been used, yes, it would have introduced a security bug. However, please read the Debian bug report completely, where it's pointed out that the fix that leaves the colon in place is wrong and is later addressed. The correct fix is:

-LANG=C LD_LIBRARY_PATH="/usr/lib/debug:${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \
+LANG=C LD_LIBRARY_PATH="/usr/lib/debug${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \
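
Review bot: On the `+` line the separator now exists only inside `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`, which is correct, but nothing next to the assignment records why, so a later edit could easily put the colon back after `/usr/lib/debug`. A short comment above the line, noting that an empty element in `LD_LIBRARY_PATH` makes the loader search the current working directory, would guard against that regression. An inherited `LD_LIBRARY_PATH` that itself begins or ends with `:` or contains `::` is still passed through unchanged, so consider stripping empty elements from the inherited value if the script should be robust against that as well.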

which is indeed the fix that went in to the Debian package in 1.6.0-19.1, and by extension, the natty version. You can see the specific change here:

  http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/25#debian/vdrleaktest

So I'm failing to see where an additional CVE needs to be assigned. Can you please clarify?