Bug 307633 - <sys-devel/m4-1.4.14-r1: Insecure File Permissions (CVE-2009-4029)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Reported: 2010-03-03 15:33 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-12-12 00:30 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2010-03-03 15:33:26 UTC
m4-1.4.14.tar.xz             24-Feb-2010 21:34  899K
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2010-03-03 15:36:56 UTC
GNU M4 NEWS - User visible changes.

* Noteworthy changes in Version 1.4.14 (2010-02-24) [stable]
  Released by Eric Blake, based on git version 1.4.13.*

** Fix regression introduced in 1.4.12 where executing with stdout closed
   could crash m4 on exit on some platforms.

** Fix regressions introduced in 1.4.13 in the `esyscmd' builtin, where
   closed file descriptors could interfere with child execution, and where
   a child status of 127 made m4 print a spurious message to stderr.

** Fix a security hole in 'make dist', present since at least M4 1.4, that
   could affect anybody attempting to redistribute modified sources (see
   Automake CVE-2009-4029).

** A number of portability improvements inherited from gnulib.
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-03-03 16:52:49 UTC
Thanks for the report.
base-system, please provide an updated ebuild.
Comment 3 SpanKY gentoo-dev 2010-03-05 19:00:47 UTC
now in the tree
Comment 4 Patrick Lauer gentoo-dev 2010-03-06 09:14:21 UTC
That build failure is unrelated to m4. Removing from dependencies.
Comment 5 SpanKY gentoo-dev 2010-08-15 17:40:09 UTC
m4-1.4.14-r1 is ready for stabilization ... it contains only build fixes over 1.4.14 for systems that aren't stable
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-08-15 20:08:13 UTC
amd64 done
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2010-08-15 21:35:51 UTC
x86 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-15 23:45:51 UTC
Stable for HPPA.
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-16 00:30:54 UTC
Stable for PPC.
Comment 10 SpanKY gentoo-dev 2010-08-16 00:32:51 UTC
alpha/arm/ia64/s390/sh stable
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2010-08-27 17:04:17 UTC
sparc stable
Comment 12 Brent Baude (RETIRED) gentoo-dev 2010-09-06 20:25:33 UTC
ppc64 done
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2010-11-20 16:47:24 UTC
GLSA request filed.
Comment 14 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 00:30:38 UTC
This issue was resolved and addressed in
 GLSA 201412-08 at
by GLSA coordinator Sean Amoss (ackle).