summary: 'CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory' description: | cat > ~/foo.java <\EOF public class foo { public static void main(String[] args) { System.loadLibrary("foolib"); } } EOF cd gcj -C foo.java cd /tmp strace -f -v -s1024 gij -cp ~/ foo 2>&1 | grep foolib (resp. s/gcj/gcj4/g;s/gij/gij4/ for gcc4 testing). If any relative path is seen, it is wrong. Bad examples are {lib,}foolib.la {hwcap,0,nosegneg}/{lib,}foolib.{so,la} contact: mcermak@redhat.com component: - gcc test: ./runtest.sh framework: beakerlib require: - gcc - gcc-java - libgcj - strace duration: 5m enabled: false tag: - CI-Tier-1 - Tier1 tier: '1' link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=537941 adjust: - enabled: true when: distro == rhel-6 or distro == rhel-5 extra-nitrate: TC#0062145 extra-summary: /tools/gcc/Regression/gcj/537941-libltdl-may-load-library-in-current-directory extra-task: /tools/gcc/Regression/gcj/537941-libltdl-may-load-library-in-current-directory