Date: Tue, 7 Aug 2012 15:57:26 +0000 (UTC) From: Wesley Shields <wxs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r302244 - head/security/vuxml Message-ID: <201208071557.q77FvQEP078510@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: wxs Date: Tue Aug 7 15:57:26 2012 New Revision: 302244 URL: http://svn.freebsd.org/changeset/ports/302244 Log: Fix up whitespace in 10f38033-e006-11e1-9304-000000000000. Replace broken vid in 10f38033-e006-11e1-9304-000000000000 with one that is correct. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Aug 7 14:48:56 2012 (r302243) +++ head/security/vuxml/vuln.xml Tue Aug 7 15:57:26 2012 (r302244) @@ -87,7 +87,7 @@ Note: Please add new entries to the beg </dates> </vuln> - <vuln vid="10f38033-e006-11e1-9304-000000000000"> + <vuln vid="36235c38-e0a8-11e1-9f4d-002354ed89bc"> <topic>automake -- Insecure 'distcheck' recipe granted world-writable distdir</topic> <affects> <package> @@ -100,15 +100,17 @@ Note: Please add new entries to the beg <p>GNU reports:</p> <blockquote cite="https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html">; <p>The recipe of the 'distcheck' target granted temporary -world-write permissions on the extracted distdir. This introduced -a locally exploitable race condition for those who run "make distcheck" -with a non-restrictive umask (e.g., 022) in a directory that was -accessible by others. A successful exploit would result in arbitrary -code execution with the privileges of the user running "make distcheck".</p> + world-write permissions on the extracted distdir. This introduced + a locally exploitable race condition for those who run "make + distcheck" with a non-restrictive umask (e.g., 022) in a directory + that was accessible by others. A successful exploit would result + in arbitrary code execution with the privileges of the user + running "make distcheck".</p> <p>It is important to stress that this vulnerability impacts not only -the Automake package itself, but all packages with Automake-generated -makefiles. For an effective fix it is necessary to regenerate the -Makefile.in files with a fixed Automake version.</p> + the Automake package itself, but all packages with + Automake-generated makefiles. For an effective fix it is necessary + to regenerate the Makefile.in files with a fixed Automake + version.</p> </blockquote> </body> </description> @@ -119,6 +121,7 @@ Makefile.in files with a fixed Automake <dates> <discovery>2012-07-09</discovery> <entry>2012-08-06</entry> + <modified>2012-08-07</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208071557.q77FvQEP078510>