[FYI] {maint} news: improve wording in entry about CVE-2012-3386

automake-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] {maint} news: improve wording in entry about CVE-2012-3386

From:	Stefano Lattarini
Subject:	[FYI] {maint} news: improve wording in entry about CVE-2012-3386
Date:	Mon, 9 Jul 2012 18:23:16 +0200

Signed-off-by: Stefano Lattarini <address@hidden>
---
 NEWS |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index 800c7eb..8475ac2 100644
--- a/NEWS
+++ b/NEWS
@@ -99,12 +99,12 @@ Bugs fixed in 1.12.2:
 
 * SECURITY VULNERABILITIES!
 
-  - The recipe of the 'distcheck' no longer grants anymore temporary
-    world-wide write permissions on the extracted distdir.  Even if such
-    rights were only granted for a vanishingly small time window, the
-    implied race condition proved to be enough to allow a local attacker
-    to run arbitrary code with the privileges of the user running "make
-    distcheck".  This is CVE-2012-3386.
+  - The 'distcheck' recipe no longer grants temporary world-write
+    permissions on the extracted distdir.  Even if such rights were
+    only granted for a vanishingly small time window, the implied
+    race condition proved to be enough to allow a local attacker
+    to run arbitrary code with the privileges of the user running
+    "make distcheck".  This is CVE-2012-3386.
 
 * Long-standing bugs:
 
-- 
1.7.9.5

[Prev in Thread]

Current Thread

[Next in Thread]

[FYI] {maint} news: improve wording in entry about CVE-2012-3386, Stefano Lattarini <=

Prev by Date: [FYI] {maint} maint: post-release minor version bump
Next by Date: [FYI] {maint} sync: update files from upstream with "make fetch"
Previous by thread: [FYI] {maint} maint: post-release minor version bump
Next by thread: [FYI] {maint} sync: update files from upstream with "make fetch"
Index(es):
- Date
- Thread