From: Sebastian Harl Date: Fri, 25 Dec 2009 19:42:32 +0000 (+0100) Subject: changelog: Using --without-included-ltdl fixes CVE-2009-3736. X-Git-Tag: collectd-4.8.2-1~8 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=d4d6450bf490547555924e50c9e90e23103210ed;p=pkg-collectd.git changelog: Using --without-included-ltdl fixes CVE-2009-3736. Referring to for details about how collectd might be affected. Thanks to Michael Gilbert for reporting the issue! Closes: #559801 --- diff --git a/debian/changelog b/debian/changelog index 06ea04b..b2eacff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ collectd (4.8.2-1) unstable; urgency=low - * New upstream release. + * New upstream release: + - Now using libtool 2. * Split the "collectd" binary package into "collectd-core" and "collectd". The former provides the main program file and the plugins while the latter provides the configuration. This allows for much more flexible setups @@ -45,7 +46,11 @@ collectd (4.8.2-1) unstable; urgency=low and Luke Heberling for providing the patch (Closes: #557599). * debian/rules: - Pass --without-included-ltdl to configure to tell libtool 2 to not use - the shipped libltdl but rather the one available in the system. + the shipped libltdl but rather the one available in the system. This + fixes a potential but very unlikely security issue of the embedded copy + (see CVE-2009-3736). For details about how collectd might be affected, + see ; thanks + to Michael Gilbert for reporting this (Closes: #559801). - Pass --disable-static to configure to tell libtool 2 to not build any static libraries. - Install debian/collectd.conf as an example into "collectd-core". @@ -54,7 +59,7 @@ collectd (4.8.2-1) unstable; urgency=low * debian/README.Debian: - Added a short explanation of the package split. - -- Sebastian Harl Fri, 25 Dec 2009 09:55:21 +0100 + -- Sebastian Harl Fri, 25 Dec 2009 20:41:02 +0100 collectd (4.8.1-2) unstable; urgency=low