author Ralf Wildenhues <Ralf.Wildenhues@gmx.de> 2009-12-08 22:31:37 +0100
committer Ralf Wildenhues <Ralf.Wildenhues@gmx.de> 2009-12-08 22:31:37 +0100
commit 7ba6e84e89677cb24d504a070e9387cbc74f8747
tree 02fa640367c6b63b910bef66877da71ceeb8ec0d
parent 365dc7e0b44579510f19f109f2db8d4a88891d0c
Update NEWS. (br-1-9)

* NEWS: Update.

Signed-off-by: Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
-rw-r--r-- ChangeLog 4
-rw-r--r-- NEWS 4
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 8f3ea9c1f..1bb240f81 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-12-08 Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
+
+ * NEWS: Update.
+
2009-11-28 Jim Meyering <meyering@redhat.com>
do not put world-writable directories in distribution tarballs
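Review bot: The new ChangeLog entry "* NEWS: Update." does not say what was updated, although the NEWS change in this same commit records a CVE identifier. Someone searching the ChangeLog for the security fix will not find this entry. Suggest naming it in the entry, for example "* NEWS: Mention CVE-2009-4029 for the distdir permission fix.", so that the entry ties back to the 2009-11-28 change directly below it.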
diff --git a/NEWS b/NEWS
index 998b161de..2a317b2fc 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,10 @@ Bugs fixes in 1.9.6a:
* Longstanding bugs:
- The distribution is tarred up with mode 755 now by the `dist*' targets.
+ This fixes a race condition where untrusted users could modify files
+ in the $(PACKAGE)-$(VERSION) distdir before packing if the toplevel
+ build directory was world-searchable. This is CVE-2009-4029.
+
Bugs fixed in 1.9.6:
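Review bot: The added sentence after "tarred up with mode 755 now" names the race but not the earlier permission state that made it possible, so a reader cannot tell from NEWS alone why mode 755 closes it. The ChangeLog context in this commit refers to world-writable directories in distribution tarballs; saying here that the distdir was previously world-writable would make the entry self-explanatory. It would also help to state which `dist*' targets are affected in terms a package maintainer can check against their own generated Makefile.in. Separately, the section heading shown in the hunk header reads "Bugs fixes in 1.9.6a:" while the next section uses "Bugs fixed in 1.9.6:"; worth correcting while this file is being touched.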