[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[commit-womb] gnumaint .cvsignore Makefile template-cveauto.txt
From: |
karl |
Subject: |
[commit-womb] gnumaint .cvsignore Makefile template-cveauto.txt |
Date: |
Sun, 10 Mar 2013 21:39:09 +0000 |
CVSROOT: /sources/womb
Module name: gnumaint
Changes by: karl <karl> 13/03/10 21:39:09
Modified files:
. : .cvsignore Makefile
Added files:
. : template-cveauto.txt
Log message:
cveauto bulk email
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnumaint/.cvsignore?cvsroot=womb&r1=1.11&r2=1.12
http://cvs.savannah.gnu.org/viewcvs/gnumaint/Makefile?cvsroot=womb&r1=1.46&r2=1.47
http://cvs.savannah.gnu.org/viewcvs/gnumaint/template-cveauto.txt?cvsroot=womb&rev=1.1
Patches:
Index: .cvsignore
===================================================================
RCS file: /sources/womb/gnumaint/.cvsignore,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- .cvsignore 3 Mar 2013 23:59:52 -0000 1.11
+++ .cvsignore 10 Mar 2013 21:39:09 -0000 1.12
@@ -7,4 +7,4 @@
pkgnames.frommaint
pkgnames.fromdir
fsd
-pkglist-fsfpackages.txt
+pkglist-*.txt
Index: Makefile
===================================================================
RCS file: /sources/womb/gnumaint/Makefile,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -b -r1.46 -r1.47
--- Makefile 3 Mar 2013 23:59:52 -0000 1.46
+++ Makefile 10 Mar 2013 21:39:09 -0000 1.47
@@ -1,4 +1,4 @@
-# $Id: Makefile,v 1.46 2013/03/03 23:59:52 karl Exp $
+# $Id: Makefile,v 1.47 2013/03/10 21:39:09 karl Exp $
# Copyright 2007, 2008, 2009, 2010, 2011, 2012, 2013
# Free Software Foundation, Inc.
#
@@ -28,8 +28,8 @@
gm generate maintainers bypackage
test-genemail email:
- gm generate email bypackage -o msg.1302 -p pkglist-cveauto.txt -t
template-cveauto.txt
- ls msg.1302/
+ gm generate email bypackage -o msg.1303 -p pkglist-cveauto.txt -t
template-cveauto.txt
+ ls msg.1303/
email-1201:
gm generate email bypackage -o msg.1201 -p pkglist-fsfpackages.txt -t
template-copyright.txt
Index: template-cveauto.txt
===================================================================
RCS file: template-cveauto.txt
diff -N template-cveauto.txt
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ template-cveauto.txt 10 Mar 2013 21:39:09 -0000 1.1
@@ -0,0 +1,39 @@
+From: address@hidden (GNU Project)
+To: %PACKAGE_MAINTAINERS
+Subject: %PACKAGE_NAME and Automake-related vulnerabilities
+Precedence: bulk
+
+Greetings,
+
+I'm sending you this message on behalf of GNU because as far as we know,
+you are the maintainer(s) of %PACKAGE_NAME. (If you're not maintaining
+it, please reply to let me know.)
+
+Two vulnerabilities related to Automake-generated Makefiles and the dist
+and distcheck target were discovered some time ago. It seemed to me
+that the latest release of %PACKAGE_NAME on ftp.gnu.org was still
+vulnerable to one or both. They are:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
+
+(If you did make a later release that fixes these issues, don't worry
+about this email, and sorry for the noise. I could not determine
+the status with absolute certainty.)
+
+The issues were fixed in automake releases 1.12.2 and 1.11.6. So the
+simplest way to mitigate them is to regenerate the Makefiles using an
+automake that is at least that new and re-release. If you don't want to
+do that, you can also hack the Makefiles to fix the problem by hand:
+ http://lists.gnu.org/archive/html/savannah-hackers/2012-12/msg00049.html
+
+Although these vulnerabilities do not have a high probability of being
+exploited, of course we want GNU software to be safe. So it would be
+good to make a new release, even if it's just to fix these bugs. Of
+course other fixes or features are all to the good.
+
+As usual, aside from this issue, if you have any news or questions
+regarding the package, please let me know at address@hidden
+Thanks for contributing to GNU, and happy hacking.
+
+Karl Berry
+Assistant Chief GNUisance
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [commit-womb] gnumaint .cvsignore Makefile template-cveauto.txt,
karl <=