- update to 2.2.6b, fixes CVE-2009-3736: libltdl may load and execute code

from a library in the current directory
2009-12-02 11:09:10 +00:00 · 2009-12-02 11:09:10 +00:00 · 8019cb2cff
commit 8019cb2cff
parent 23aef11eec
3 changed files with 9 additions and 5 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-libtool-2.2.6a.tar.lzma
+libtool-2.2.6b.tar.lzma
--- a/libtool.spec
+++ b/libtool.spec
@ -2,11 +2,11 @@

 Summary: The GNU Portable Library Tool
 Name:    libtool
-Version: 2.2.6
-Release: 14%{?dist}
+Version: 2.2.6b
+Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+ and GFDL
 Group:   Development/Tools
-Source:  http://ftp.gnu.org/gnu/libtool/libtool-%{version}a.tar.lzma
+Source:  http://ftp.gnu.org/gnu/libtool/libtool-%{version}.tar.lzma
 Patch0:  libtool-2.2.6a-rpath.patch
 URL:     http://www.gnu.org/software/libtool/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u} -n)
@ -142,6 +142,10 @@ fi


 %changelog
+* Tue Dec 01 2009 Karsten Hopp <karsten@redhat.com> 2.2.6b-1
+- update to 2.2.6b, fixes CVE-2009-3736:
+  libltdl may load and execute code from a library in the current directory
+
 * Wed Aug 12 2009 Ville Skyttä <ville.skytta@iki.fi> - 2.2.6-14
 - Use lzma compressed upstream tarball.

--- a/2
+++ b/2
@ -1 +1 @@
-b121e4848cc53fdd69e796aed73b9ccf  libtool-2.2.6a.tar.lzma
+a4b36980765003b47dd75ac9429f4f11  libtool-2.2.6b.tar.lzma