|Summary:||<sys-devel/m4-1.4.14-r1: Insecure File Permissions (CVE-2009-4029)|
|Product:||Gentoo Security||Reporter:||Jeroen Roovers (RETIRED) <jer>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Package list:||Runtime testing required:||---|
Description Jeroen Roovers (RETIRED) 2010-03-03 15:33:26 UTC
m4-1.4.14.tar.xz 24-Feb-2010 21:34 899K
Comment 1 Jeroen Roovers (RETIRED) 2010-03-03 15:36:56 UTC
GNU M4 NEWS - User visible changes.

* Noteworthy changes in Version 1.4.14 (2010-02-24) [stable]
  Released by Eric Blake, based on git version 1.4.13.*

** Fix regression introduced in 1.4.12 where executing with stdout closed could crash m4 on exit on some platforms.

** Fix regressions introduced in 1.4.13 in the `esyscmd' builtin, where closed file descriptors could interfere with child execution, and where a child status of 127 made m4 print a spurious message to stderr.

** Fix a security hole in 'make dist', present since at least M4 1.4, that could affect anybody attempting to redistribute modified sources (see Automake CVE-2009-4029).

** A number of portability improvements inherited from gnulib.
Comment 2 Tobias Heinlein (RETIRED) 2010-03-03 16:52:49 UTC
Thanks for the report. base-system, please provide an updated ebuild.
Comment 3 SpanKY 2010-03-05 19:00:47 UTC
now in the tree
Comment 4 Patrick Lauer 2010-03-06 09:14:21 UTC
That build failure is unrelated to m4. Removing from dependencies.
Comment 5 SpanKY 2010-08-15 17:40:09 UTC
m4-1.4.14-r1 is ready for stabilization ... it contains only build fixes over 1.4.14 for systems that aren't stable
Comment 6 Markos Chandras (RETIRED) 2010-08-15 20:08:13 UTC
Comment 7 Christian Faulhammer (RETIRED) 2010-08-15 21:35:51 UTC
Comment 8 Jeroen Roovers (RETIRED) 2010-08-15 23:45:51 UTC
Stable for HPPA.
Comment 9 Jeroen Roovers (RETIRED) 2010-08-16 00:30:54 UTC
Stable for PPC.
Comment 10 SpanKY 2010-08-16 00:32:51 UTC
Comment 11 Raúl Porcel (RETIRED) 2010-08-27 17:04:17 UTC
Comment 12 Brent Baude (RETIRED) 2010-09-06 20:25:33 UTC
Comment 13 Tim Sammut (RETIRED) 2010-11-20 16:47:24 UTC
GLSA request filed.
Comment 14 Sean Amoss (RETIRED) 2014-12-12 00:30:38 UTC
This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle).