diff options
author | Ralf Wildenhues <Ralf.Wildenhues@gmx.de> | 2009-12-08 22:31:37 +0100 |
---|---|---|
committer | Ralf Wildenhues <Ralf.Wildenhues@gmx.de> | 2009-12-08 22:31:37 +0100 |
commit | 7ba6e84e89677cb24d504a070e9387cbc74f8747 (patch) | |
tree | 02fa640367c6b63b910bef66877da71ceeb8ec0d | |
parent | 365dc7e0b44579510f19f109f2db8d4a88891d0c (diff) | |
download | automake-7ba6e84e89677cb24d504a070e9387cbc74f8747.tar.gz |
Update NEWS.br-1-9
* NEWS: Update.
Signed-off-by: Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 4 |
2 files changed, 8 insertions, 0 deletions
@@ -1,3 +1,7 @@ +2009-12-08 Ralf Wildenhues <Ralf.Wildenhues@gmx.de> + + * NEWS: Update. + 2009-11-28 Jim Meyering <meyering@redhat.com> do not put world-writable directories in distribution tarballs @@ -3,6 +3,10 @@ Bugs fixes in 1.9.6a: * Longstanding bugs: - The distribution is tarred up with mode 755 now by the `dist*' targets. + This fixes a race condition where untrusted users could modify files + in the $(PACKAGE)-$(VERSION) distdir before packing if the toplevel + build directory was world-searchable. This is CVE-2009-4029. + Bugs fixed in 1.9.6: |