[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] {maint} news: improve wording in entry about CVE-2012-3386
From: |
Stefano Lattarini |
Subject: |
[FYI] {maint} news: improve wording in entry about CVE-2012-3386 |
Date: |
Mon, 9 Jul 2012 18:23:16 +0200 |
Signed-off-by: Stefano Lattarini <address@hidden>
---
NEWS | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/NEWS b/NEWS
index 800c7eb..8475ac2 100644
--- a/NEWS
+++ b/NEWS
@@ -99,12 +99,12 @@ Bugs fixed in 1.12.2:
* SECURITY VULNERABILITIES!
- - The recipe of the 'distcheck' no longer grants anymore temporary
- world-wide write permissions on the extracted distdir. Even if such
- rights were only granted for a vanishingly small time window, the
- implied race condition proved to be enough to allow a local attacker
- to run arbitrary code with the privileges of the user running "make
- distcheck". This is CVE-2012-3386.
+ - The 'distcheck' recipe no longer grants temporary world-write
+ permissions on the extracted distdir. Even if such rights were
+ only granted for a vanishingly small time window, the implied
+ race condition proved to be enough to allow a local attacker
+ to run arbitrary code with the privileges of the user running
+ "make distcheck". This is CVE-2012-3386.
* Long-standing bugs:
--
1.7.9.5
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [FYI] {maint} news: improve wording in entry about CVE-2012-3386,
Stefano Lattarini <=