author: Jim Meyering <meyering@redhat.com> 2009-12-09 13:04:46 +0100
committer: Jim Meyering <meyering@redhat.com> 2009-12-09 13:09:33 +0100
commit: 23c0cecaa8ca102292fe33d771c8cd2220249b59 (patch)
tree: 33ad9766ee9cdffdc64ce3b252796843ab66ffe0
parent: 19b460b239e2580ef4db4ce46b996e31bd1d0395 (diff)
doc: NEWS: mention the "make distcheck" vulnerability
* NEWS (Bug fixes): Mention implications of the "make distcheck" change. This was introduced on 2008-07-22 by commit 9bb0d576, "tests: ensure "make check" w/tainted build dir no longer impacts $HOME".
-rw-r--r-- NEWS 7
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e30e7e5fd..a2818381c 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,13 @@ GNU coreutils NEWS -*- outline -*-
Specifically timeout now doesn't exit with an error message
if its parent ignores CHLD signals. [bug introduced in coreutils-7.6]
+ a user running "make distcheck" in the coreutils source directory,
+ with TMPDIR unset or set to the name of a world-writable directory,
+ and with a malicious user on the same system
+ was vulnerable to arbitrary code execution
+ [bug introduced in coreutils-7.0]
+
+
* Noteworthy changes in release 8.1 (2009-11-18) [stable]
** Bug fixes
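Review bot: The new NEWS entry (the lines beginning `a user running "make distcheck"`) states the exposure conditions but not the remedy: it does not say how the behaviour changed in this release, and it gives no workaround to anyone still running "make distcheck" on a release from coreutils-7.0 onward that predates the fix. Since the listed preconditions are TMPDIR unset or set to a world-writable directory, one closing sentence noting that setting TMPDIR to a directory writable only by the invoking user avoids those preconditions would make the entry actionable. Minor style point: the sentence has no terminating period before `[bug introduced in coreutils-7.0]`, unlike the timeout entry directly above it.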