CVE-2010-3374: insecure library loading
Bug #649991 reported by Felix Geyer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
qtcreator (Debian) | Fix Released | Unknown | | |
qtcreator (Ubuntu) | Fix Released | Undecided | Unassigned | |
Karmic | Fix Released | Undecided | Unassigned | |
Lucid | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: qtcreator
From http://
> A vulnerability has been found in Qt Creator 2.0.0
> and previous versions. The vulnerability occurs because
> of an insecure manipulation of a Unix environment variable
> by the "qtcreator" shell script. It manifests by causing Qt or
> Qt Creator to attempt to load certain library names from the
> current working directory.
This is fixed by the following upstream commit:
http://
CVE References
visibility: private → public
Changed in qtcreator (Ubuntu Karmic): status: New → Confirmed
Changed in qtcreator (Ubuntu Lucid): status: New → Confirmed
Changed in qtcreator (Ubuntu): status: New → Invalid
Changed in qtcreator (Ubuntu): status: Invalid → Fix Released
Changed in qtcreator (Debian): status: Unknown → Fix Released
qtcreator (1.2.1-3ubuntu1.1) karmic-security; urgency=low
* SECURITY UPDATE: insecure library loading (LP: #649991)
- bin/qtcreator: don't add an empty element to LD_LIBRARY_PATH,
based on patch from upstream.
- http://qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4
- CVE-2010-3374
-- Felix Geyer <email address hidden> Tue, 28 Sep 2010 18:30:43 +0200
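The changelog entry above names the defect as an empty element in LD_LIBRARY_PATH. The following is an added example, not the Qt Creator launcher script or the upstream patch: it shows a common shell pattern that produces such an element when the variable is unset, the corrected form, and a check for empty elements. The function names and the path /opt/example/lib are hypothetical.

```shell
#!/bin/sh
# Added illustration; not the Qt Creator launcher or the upstream patch.
# Function names and /opt/example/lib are hypothetical.

# Weak pattern: with an unset or empty current value the result ends in ':'.
# ld.so treats that zero-length element as the current working directory.
prepend_unsafe() {   # $1 = directory to add, $2 = current LD_LIBRARY_PATH
    printf '%s\n' "$1:$2"
}

# Corrected pattern: emit the separator only when a value follows it.
prepend_safe() {
    printf '%s\n' "$1${2:+:$2}"
}

# Succeeds if a colon-separated list has a leading, trailing or doubled colon.
has_empty_element() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Drops zero-length elements from an inherited value before it is reused.
strip_empty_elements() {
    out= rest=$1
    while [ -n "$rest" ]; do
        case "$rest" in
            *:*) elem=${rest%%:*}; rest=${rest#*:} ;;
            *)   elem=$rest; rest= ;;
        esac
        if [ -n "$elem" ]; then out="${out:+$out:}$elem"; fi
    done
    printf '%s\n' "$out"
}

# Constructed demo: first run simulates LD_LIBRARY_PATH being unset.
for cur in "" "/usr/local/lib"; do
    for fn in prepend_unsafe prepend_safe; do
        result=$("$fn" /opt/example/lib "$cur")
        if has_empty_element "$result"; then verdict="empty element"; else verdict=ok; fi
        printf '%-15s current=[%s] -> %s (%s)\n' "$fn" "$cur" "$result" "$verdict"
    done
done
```

A value inherited from the environment can itself carry an empty element, so a launcher can pass it through strip_empty_elements before prepending to it.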