[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#7379: On the fix for CVE-2009-4029 Automake security fix for 'make d
|
From: |
Behdad Esfahbod |
|
Subject: |
bug#7379: On the fix for CVE-2009-4029 Automake security fix for 'make dist*' |
|
Date: |
Fri, 17 Dec 2010 00:00:11 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 |
On 12/16/10 18:19, Stefano Lattarini wrote:
> Hello Ralf and Behdad.
>
> On Wednesday 17 November 2010, Behdad Esfahbod wrote:
>>
>> On 11/13/10 03:00, Ralf Wildenhues wrote:
>>>
>>> You are the first person to report this in the 12 months since we
>>> released fixed versions of Automake. I don't have other data to go on
>>> but it thus doesn't seem to be a very wide spread issue to me, and
>>> there's the obvious workaround of a chmod -R after extraction, no?
>>>
>> When I read about the fix, this was the first thing that popped into my mind.
>> I didn't actually hit this issue.
>>
>> But I agree: most probably no one actually relies on the permissions being
>> correct right off the tarball anyway.
>>
>> Cheers,
>> behdad
>>
> Given this rationale, would it be ok to close this bug now?
Yes, as far as I'm concerned.
behdad
> Regards,
> Stefano
>