Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

automake

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

From:	Eric Dorland
Subject:	Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
Date:	Tue, 10 Jul 2012 16:12:50 -0400
User-agent:	Mutt/1.5.21 (2010-09-15)

* Stefano Lattarini (address@hidden) wrote:
> On 07/10/2012 12:40 AM, Eric Dorland wrote:
> > * Stefano Lattarini (address@hidden) wrote:
> >> On 07/10/2012 12:14 AM, Eric Dorland wrote:
> >>> 
> >>> Are older versions of automake also vulnerable?
> >>> 
> >> Yes, all those back to 1.4 (at least).  Sorry for not stating that 
> >> explicitly.
> > 
> > Awesome :) Is there a diff or git commit I can look at to start the 
> > backporting.
> > 
> See the attachment to:
> <http://lists.gnu.org/archive/html/automake/2012-07/msg00023.html>
> 
> Not sure how well that will work with older Automake releases though; while
> ploughing through the 1.4 and 1.5 releases, I remember seeing several scary
> "chmod -R a+w ..." as well as "chmod 777 ..." commands.  You might want to
> do a more sweeping audit of those older releases if you want to actually
> (try to) secure them.

I'll probably spend my time instead trying to remove automake 1.4 from
Debian at this point since it's super old.
 
> > I just happen to be at DebConf this week so the timing is pretty good.
> > 
> Well, good work then (and as an happy Debian user I might add: keep up the
> good work :-)

Thanks!

-- 
Eric Dorland <address@hidden>
ICQ: #61138586, Jabber: address@hidden

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/09
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland, 2012/07/09
  - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/09
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland, 2012/07/09
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/09
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland <=
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), tsuna, 2012/07/10
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland, 2012/07/12
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/12
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland, 2012/07/12
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/13
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Diego Elio Pettenò, 2012/07/13
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/13
    - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland, 2012/07/13
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Dmitry V. Levin, 2012/07/10
  - Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/09

Prev by Date: Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
Next by Date: Re: GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)
Previous by thread: Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
Next by thread: Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
Index(es):
- Date
- Thread