* Stefano Lattarini (stefano.lattar...@gmail.com) wrote:
> On 07/10/2012 12:40 AM, Eric Dorland wrote:
> > * Stefano Lattarini (stefano.lattar...@gmail.com) wrote:
> >> On 07/10/2012 12:14 AM, Eric Dorland wrote:
> >>>
> >>> Are older versions of automake also vulnerable?
> >>>
> >> Yes, all those back to 1.4 (at least). Sorry for not stating that
> >> explicitly.
> >
> > Awesome :) Is there a diff or git commit I can look at to start the
> > backporting?
> >
> See the attachment to:
> <http://lists.gnu.org/archive/html/automake/2012-07/msg00023.html>
>
> Not sure how well that will work with older Automake releases though; while
> ploughing through the 1.4 and 1.5 releases, I remember seeing several scary
> "chmod -R a+w ..." as well as "chmod 777 ..." commands. You might want to
> do a more sweeping audit of those older releases if you want to actually
> (try to) secure them.

I'll probably spend my time instead trying to remove automake 1.4 from
Debian at this point since it's super old.

> > I just happen to be at DebConf this week so the timing is pretty good.
> >
> Well, good work then (and as a happy Debian user I might add: keep up the
> good work :-)

Thanks!

--
Eric Dorland <e...@kuroneko.ca>
ICQ: #61138586, Jabber: ho...@jabber.com