<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">

</head>

<body bgcolor="#ffffff" text="#000000">

<br>

<br>

-------- Original Message --------

<table class="moz-email-headers-table" border="0" cellpadding="0"

 cellspacing="0">

  <tbody>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">Subject: </th>

      <td>Re: [LAD] interesting security update to bristol just came out</td>

    </tr>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">Date: </th>

      <td>Mon, 15 Nov 2010 19:46:30 +0000</td>

    </tr>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">From: </th>

      <td>Paul Davis <a class="moz-txt-link-rfc2396E" href="mailto:paul@linuxaudiosystems.com">&lt;paul@linuxaudiosystems.com&gt;</a></td>

    </tr>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">To: </th>

      <td>Niels Mayer <a class="moz-txt-link-rfc2396E" href="mailto:nielsmayer@gmail.com">&lt;nielsmayer@gmail.com&gt;</a></td>

    </tr>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">CC: </th>

      <td>PlanetCCRMA mailinglist

<a class="moz-txt-link-rfc2396E" href="mailto:planetccrma@ccrma.stanford.edu">&lt;planetccrma@ccrma.stanford.edu&gt;</a>, Linux Audio Developers

<a class="moz-txt-link-rfc2396E" href="mailto:linux-audio-dev@lists.linuxaudio.org">&lt;linux-audio-dev@lists.linuxaudio.org&gt;</a>, fedora-music-list

<a class="moz-txt-link-rfc2396E" href="mailto:fedora-music-list@redhat.com">&lt;fedora-music-list@redhat.com&gt;</a></td>

    </tr>

  </tbody>

</table>

<br>

<br>

<pre>On Mon, Nov 15, 2010 at 5:39 PM, Niels Mayer <a class="moz-txt-link-rfc2396E" href="mailto:nielsmayer@gmail.com">&lt;nielsmayer@gmail.com&gt;</a> wrote:

&gt; I noticed that bristol-0.40.7-7 updated due to the following security

&gt; update. What got me curious is what kind of security issue could

&gt; running bristol possibly pose?? -- none on it's own, but another rogue

&gt; package could exploit this issue ...

for whatever its worth, ardour had the same issue.

there's a more elegant fix than the one shown in that bug report

though. the general form is:

   LD_LIBRARY_PATH=StuffToAddToLdLibraryPath${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}

_______________________________________________

Linux-audio-dev mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Linux-audio-dev@lists.linuxaudio.org">Linux-audio-dev@lists.linuxaudio.org</a>

<a class="moz-txt-link-freetext" href="http://lists.linuxaudio.org/listinfo/linux-audio-dev">http://lists.linuxaudio.org/listinfo/linux-audio-dev</a>

</pre>

</body>

</html>