On 07/10/2012 12:40 AM, Eric Dorland wrote: > * Stefano Lattarini (stefano.lattar...@gmail.com) wrote: >> On 07/10/2012 12:14 AM, Eric Dorland wrote: >>> >>> Are older versions of automake also vulnerable? >>> >> Yes, all those back to 1.4 (at least). Sorry for not stating that >> explicitly. > > Awesome :) Is there a diff or git commit I can look at to start the > backporting. > See the attachment to: <http://lists.gnu.org/archive/html/automake/2012-07/msg00023.html>
Not sure how well that will work with older Automake releases though; while ploughing through the 1.4 and 1.5 releases, I remember seeing several scary "chmod -R a+w ..." as well as "chmod 777 ..." commands. You might want to do a more sweeping audit of those older releases if you want to actually (try to) secure them. > I just happen to be at DebConf this week so the timing is pretty good. > Well, good work then (and as an happy Debian user I might add: keep up the good work :-) Regards, Stefano
