[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] doc: NEWS: mention the "make distcheck" vulnerability
From: |
Jim Meyering |
Subject: |
[PATCH] doc: NEWS: mention the "make distcheck" vulnerability |
Date: |
Wed, 09 Dec 2009 13:12:27 +0100 |
FYI,
>From 23c0cecaa8ca102292fe33d771c8cd2220249b59 Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Wed, 9 Dec 2009 13:04:46 +0100
Subject: [PATCH] doc: NEWS: mention the "make distcheck" vulnerability
* NEWS (Bug fixes): Mention implications of the "make distcheck" change.
This was introduced on 2008-07-22 by commit 9bb0d576, "tests: ensure
"make check" w/tainted build dir no longer impacts $HOME".
---
NEWS | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/NEWS b/NEWS
index e30e7e5..a281838 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,13 @@ GNU coreutils NEWS -*-
outline -*-
Specifically timeout now doesn't exit with an error message
if its parent ignores CHLD signals. [bug introduced in coreutils-7.6]
+ a user running "make distcheck" in the coreutils source directory,
+ with TMPDIR unset or set to the name of a world-writable directory,
+ and with a malicious user on the same system
+ was vulnerable to arbitrary code execution
+ [bug introduced in coreutils-7.0]
+
+
* Noteworthy changes in release 8.1 (2009-11-18) [stable]
** Bug fixes
--
1.6.6.rc1.319.g9b57d
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] doc: NEWS: mention the "make distcheck" vulnerability,
Jim Meyering <=