Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

From: Stefano Lattarini
Subject: Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
Date: Tue, 10 Jul 2012 00:59:16 +0200

On 07/10/2012 12:40 AM, Eric Dorland wrote:
> * Stefano Lattarini (address@hidden) wrote:
>> On 07/10/2012 12:14 AM, Eric Dorland wrote:
>>> Are older versions of automake also vulnerable?
>> Yes, all those back to 1.4 (at least).  Sorry for not stating that 
>> explicitly.
> Awesome :) Is there a diff or git commit I can look at to start the
> backporting?
See the attachment to:

Not sure how well that will work with older Automake releases though; while
ploughing through the 1.4 and 1.5 releases, I remember seeing several scary
"chmod -R a+w ..." as well as "chmod 777 ..." commands.  You might want to
do a more sweeping audit of those older releases if you want to actually
(try to) secure them.

> I just happen to be at DebConf this week so the timing is pretty good.
Well, good work then (and as a happy Debian user I might add: keep up the
good work :-)
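
An added example (not part of the original message and not Automake code): a small shell/awk helper for the kind of sweep suggested above, flagging `chmod` commands whose mode grants write permission to "other" users. The function names and the Makefile fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helper, not Automake code.
# Reads build-script text on stdin and prints "lineno: line" for every chmod
# whose mode argument gives write permission to "other" users.
find_world_writable_chmod() {
    awk '
    {
        n = split($0, tok, /[ \t;&|()]+/)
        for (i = 1; i <= n; i++) {
            cmd = tok[i]
            sub(/^[@+-]+/, "", cmd)          # make recipe prefixes: @ + -
            if (cmd != "chmod") continue
            j = i + 1
            while (j <= n && tok[j] ~ /^-[Rfvc]+$/) j++   # skip options
            if (j <= n && risky(tok[j])) { printf "%d: %s\n", NR, $0; break }
        }
    }
    function risky(mode,    parts, k, m, d) {
        if (mode ~ /^[0-7]+$/) {             # octal: last digit = other bits
            d = substr(mode, length(mode), 1) + 0
            return (d == 2 || d == 3 || d == 6 || d == 7)
        }
        m = split(mode, parts, ",")          # symbolic: check each clause
        for (k = 1; k <= m; k++)
            if (parts[k] ~ /^[ugoa]*[oa][ugoa]*[+=][rwxXst]*w/) return 1
        return 0
    }'
}

# Constructed Makefile fragment (sample input, not taken from any release).
sample_rules() {
    cat <<'EOF'
distdir:
    -chmod -R a+w $(distdir)
    chmod 777 $(distdir)
    chmod -R a-w $(distdir); chmod u+w $(distdir)
    find $(distdir) -type d -exec chmod 755 {} \;
    chmod a+r,go+w build.log
EOF
}

sample_rules | find_world_writable_chmod
```

A bare `chmod +w` (no "who" letters) is not flagged because its effect depends on the umask, and modes held in make or shell variables are not resolved, so treat the output as a starting list for manual review.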

