*If* the patch you showed had been used, yes, it would have introduced a security bug. However, please read the debian bug report completely, where it's pointed out that the fix that leaves the colon in place is wrong and is later addressed. The correct fix is:
Zubin,
*If* the patch you showed had been used, yes, it would have introduced a security bug. However, please read the debian bug report completely, where it's pointed out that the fix that leaves the colon in place is wrong and is later addressed. The correct fix is:
-LANG=C LD_LIBRARY_ PATH="/ usr/lib/ debug:$ {LD_LIBRARY_ PATH:+: $LD_LIBRARY_ PATH}" \ PATH="/ usr/lib/ debug${ LD_LIBRARY_ PATH:+: $LD_LIBRARY_ PATH}" \
+LANG=C LD_LIBRARY_
which is indeed the fix that went in to the debian package in1.6.0-19.1 , and by extension, the natty version. You can see the specific change here:
http:// bazaar. launchpad. net/~ubuntu- branches/ ubuntu/ natty/vdr/ natty/revision/ 25#debian/ vdrleaktest
So I'm failing to see where an additional CVE needs to be assigned. Can you please clarify?