mirrors/coreutils
0
0
Fork 0
mirror of https://github.com/coreutils/coreutils.git synced 2024-11-24 10:23:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

doc: NEWS: mention the "make distcheck" vulnerability

Browse Source 
* NEWS (Bug fixes): Mention implications of the "make distcheck" change.
This was introduced on 2008-07-22 by commit 9bb0d576, "tests: ensure
"make check" w/tainted build dir no longer impacts $HOME".
This commit is contained in:
Jim Meyering 2009-12-09 13:04:46 +01:00
parent 19b460b239
commit 23c0cecaa8
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
NEWS
View File

@ -22,6 +22,13 @@ GNU coreutils NEWS -*- outline -*-
Specifically timeout now doesn't exit with an error message
if its parent ignores CHLD signals. [bug introduced in coreutils-7.6]
a user running "make distcheck" in the coreutils source directory,
with TMPDIR unset or set to the name of a world-writable directory,
and with a malicious user on the same system
was vulnerable to arbitrary code execution
[bug introduced in coreutils-7.0]
* Noteworthy changes in release 8.1 (2009-11-18) [stable]
** Bug fixes