Summary: | <sys-devel/m4-1.4.14-r1: Insecure File Permissions (CVE-2009-4029) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/38707/ | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2010-03-03 15:33:26 UTC
GNU M4 NEWS - User visible changes. * Noteworthy changes in Version 1.4.14 (2010-02-24) [stable] Released by Eric Blake, based on git version 1.4.13.* ** Fix regression introduced in 1.4.12 where executing with stdout closed could crash m4 on exit on some platforms. ** Fix regressions introduced in 1.4.13 in the `esyscmd' builtin, where closed file descriptors could interfere with child execution, and where a child status of 127 made m4 print a spurious message to stderr. ** Fix a security hole in 'make dist', present since at least M4 1.4, that could affect anybody attempting to redistribute modified sources (see Automake CVE-2009-4029). ** A number of portability improvements inherited from gnulib. Thanks for the report. base-system, please provide an updated ebuild. now in the tree That build failure is unrelated to m4. Removing from dependencies. m4-1.4.14-r1 is ready for stabilization ... it contains only build fixes over 1.4.14 for systems that arent stable amd64 done x86 stable Stable for HPPA. Stable for PPC. alpha/arm/ia64/s390/sh stable sparc stable ppc64 done GLSA request filed. This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle). |