
registry team mailing list archive

[Bug 649991] [NEW] CVE-2010-3374: insecure library loading

 

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: qtcreator

From http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms:
> A vulnerability has been found in Qt Creator 2.0.0
> and previous versions. The vulnerability occurs because
> of an insecure manipulation of a Unix environment variable
> by the "qtcreator" shell script. It manifests by causing Qt or
> Qt Creator to attempt to load certain library names from the
> current working directory.

This is fixed by the following upstream commit:
http://qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4

** Affects: qtcreator (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: qtcreator (Debian)
     Importance: Unknown
         Status: Unknown

** Visibility changed to: Public

** Bug watch added: Debian Bug tracker #598300
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598300

** Also affects: qtcreator (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598300
   Importance: Unknown
       Status: Unknown

-- 
CVE-2010-3374: insecure library loading
https://bugs.launchpad.net/bugs/649991
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.
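
Added example (not part of the original report or of the upstream commit): the launcher-script pattern behind this class of bug, next to a safe form and a check for path-list entries that resolve to the working directory. It assumes the variable is a colon-separated library search path in the style of LD_LIBRARY_PATH, which the report does not name; the function names and /opt/app/lib are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the variable is a colon-separated library search
# path in the style of LD_LIBRARY_PATH; the report does not name it.

# Unsafe: if the previous value is unset or empty the result ends in ':',
# and the dynamic loader treats that empty element as the working directory.
prepend_unsafe() {              # $1 = directory to add, $2 = previous value
    printf '%s\n' "$1:$2"
}

# Safe: ${2:+:$2} emits the separator only when a previous value exists.
prepend_safe() {
    printf '%s\n' "$1${2:+:$2}"
}

# Print how many elements of a path list do not start with '/': empty
# elements, '.', and relative names all resolve against the working
# directory. An empty list counts as 0 elements.
cwd_elements() {
    list=$1
    count=0
    if [ -z "$list" ]; then echo 0; return 0; fi
    while :; do
        elem=${list%%:*}                       # text before the first ':'
        case "$elem" in /*) ;; *) count=$((count + 1)) ;; esac
        case "$list" in
            *:*) list=${list#*:} ;;            # drop the element just checked
            *)   break ;;
        esac
    done
    echo "$count"
}

# Constructed inputs: a hypothetical install directory and three prior values.
for old in "" "/usr/local/lib" "/usr/local/lib::lib"; do
    for fn in prepend_unsafe prepend_safe; do
        new=$($fn /opt/app/lib "$old")
        printf '%-15s old=%-22s -> %-34s cwd elements: %s\n' \
            "$fn" "'$old'" "$new" "$(cwd_elements "$new")"
    done
done
```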


