GNU bug report logs - #7379
On the fix for CVE-2009-4029 Automake security fix for 'make dist*'

Previous Next

Package: automake;

Reported by: Behdad Esfahbod <behdad <at> behdad.org>

Date: Thu, 11 Nov 2010 21:14:03 UTC

Severity: normal

Tags: wontfix

Done: Stefano Lattarini <stefano.lattarini <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefano Lattarini <stefano.lattarini <at> gmail.com>
To: bug-automake <at> gnu.org
Cc: 7379 <at> debbugs.gnu.org, Behdad Esfahbod <behdad <at> behdad.org>, Ralf Wildenhues <Ralf.Wildenhues <at> gmx.de>
Subject: bug#7379: On the fix for CVE-2009-4029 Automake security fix for 'make dist*'
Date: Fri, 17 Dec 2010 00:19:06 +0100

Hello Ralf and Behdad.

On Wednesday 17 November 2010, Behdad Esfahbod wrote:
>
> On 11/13/10 03:00, Ralf Wildenhues wrote:
>>
>> You are the first person to report this in the 12 months since we
>> released fixed versions of Automake.  I don't have other data to go on
>> but it thus doesn't seem to be a very wide spread issue to me, and
>> there's the obvious workaround of a chmod -R after extraction, no?
>>
> When I read about the fix, this was the first thing that popped into my mind.
> I didn't actually hit this issue.
> 
> But I agree: most probably no one actually relies on the permissions being
> correct right off the tarball anyway.
> 
> Cheers,
> behdad
> 
Given this rationale, would it be ok to close this bug now?

Regards,
  Stefano

This bug report was last modified 14 years and 163 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #7379 On the fix for CVE-2009-4029 Automake security fix for 'make dist*'

GNU bug report logs - #7379
On the fix for CVE-2009-4029 Automake security fix for 'make dist*'