Candidate: CVE-2010-3374
PublicDate: 2010-10-04 21:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3374
 http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms
Description:
 Qt Creator before 2.0.1 places a zero-length directory name in the
 LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan
 horse shared library in the current working directory.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598300
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_qtcreator:
 upstream: http://www.qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4
upstream_qtcreator: released (2.0.1)
dapper_qtcreator: DNE
hardy_qtcreator: DNE
jaunty_qtcreator: DNE
karmic_qtcreator: ignored (reached end-of-life)
lucid_qtcreator: ignored (reached end-of-life)
maverick_qtcreator: not-affected (2.0.1-1ubuntu3)
natty_qtcreator: not-affected (2.0.1-1ubuntu3)
oneiric_qtcreator: not-affected (2.0.1-1ubuntu3)
precise_qtcreator: not-affected (2.0.1-1ubuntu3)
quantal_qtcreator: not-affected (2.0.1-1ubuntu3)
raring_qtcreator: not-affected (2.0.1-1ubuntu3)
saucy_qtcreator: not-affected (2.0.1-1ubuntu3)
devel_qtcreator: not-affected (2.0.1-1ubuntu3)