GNU bug report logs - #7379
On the fix for CVE-2009-4029 Automake security fix for 'make dist*'

Previous Next

Package: automake;

Reported by: Behdad Esfahbod <behdad <at> behdad.org>

Date: Thu, 11 Nov 2010 21:14:03 UTC

Severity: normal

Tags: wontfix

Done: Stefano Lattarini <stefano.lattarini <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #23 received at 7379 <at> debbugs.gnu.org (full text, mbox):

From: Behdad Esfahbod <behdad <at> behdad.org>
To: Stefano Lattarini <stefano.lattarini <at> gmail.com>
Cc: 7379 <at> debbugs.gnu.org, Ralf Wildenhues <Ralf.Wildenhues <at> gmx.de>,
	bug-automake <at> gnu.org
Subject: Re: bug#7379: On the fix for CVE-2009-4029 Automake security fix
	for 'make dist*'
Date: Fri, 17 Dec 2010 00:00:11 -0500

On 12/16/10 18:19, Stefano Lattarini wrote:
> Hello Ralf and Behdad.
> 
> On Wednesday 17 November 2010, Behdad Esfahbod wrote:
>>
>> On 11/13/10 03:00, Ralf Wildenhues wrote:
>>>
>>> You are the first person to report this in the 12 months since we
>>> released fixed versions of Automake.  I don't have other data to go on
>>> but it thus doesn't seem to be a very wide spread issue to me, and
>>> there's the obvious workaround of a chmod -R after extraction, no?
>>>
>> When I read about the fix, this was the first thing that popped into my mind.
>> I didn't actually hit this issue.
>>
>> But I agree: most probably no one actually relies on the permissions being
>> correct right off the tarball anyway.
>>
>> Cheers,
>> behdad
>>
> Given this rationale, would it be ok to close this bug now?

Yes, as far as I'm concerned.

behdad

> Regards,
>   Stefano
>
This bug report was last modified 14 years and 163 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.