Mark Purcell
2012-Jan-23 21:21 UTC
[Secure-testing-team] Bug#657070: embedded library ltdl
Package: siproxd
Version: 1:0.8.1-1
Severity: important
Tags: security upstream help

siproxd currently ships an embedded copy of the ltdl library.

The original version of ltdl shipped was vulnerable to 'CVE-2009-3736 local privilege escalation'

siproxd upstream (Thomas) have now upgraded the embedded copy of ltdl as a result siproxd is no longer vulnerable to CVE-2009-3736.

The current version of siproxd in Debian Fixed in version siproxd/1:0.8.1-1.

However this Debian version is still using the embedded ltdl library, rather than the preferred system provided ltdl library.

Whilst siproxd does detect if a system ltdl library is available it does fail to build from source (FTBFS) with the error:

plugins.c:65: undefined reference to 'lt__PROGRAM__LTX_preloaded_symbols'

which has also been reported here:
http://blog.gmane.org/gmane.network.siproxd/month=20110201

Assistance to fix this issue in the Debian package would be appreciated.

Mark

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages siproxd depends on:
ii  adduser     3.113
ii  libc6       2.13-24
ii  libosip2-7  3.6.0-2

siproxd recommends no packages.

Versions of packages siproxd suggests:
ii  linphone  3.5.0-2

-- no debconf information