From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id BAD1C138224 for ; Fri, 25 Oct 2013 23:58:20 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5499CE0B24; Fri, 25 Oct 2013 23:58:18 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E692CE0B24 for ; Fri, 25 Oct 2013 23:58:17 +0000 (UTC) Received: from flycatcher.gentoo.org (flycatcher.gentoo.org [81.93.255.6]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 07B8233EF15 for ; Fri, 25 Oct 2013 23:58:17 +0000 (UTC) Received: by flycatcher.gentoo.org (Postfix, from userid 2324) id A00B320036; Fri, 25 Oct 2013 23:58:15 +0000 (UTC) From: "Chris Reffett (creffett)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, creffett@gentoo.org Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201310-15.xml X-VCS-Repository: gentoo X-VCS-Files: glsa-201310-15.xml X-VCS-Directories: xml/htdocs/security/en/glsa X-VCS-Committer: creffett X-VCS-Committer-Name: Chris Reffett Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Message-Id: <20131025235815.A00B320036@flycatcher.gentoo.org> Date: Fri, 25 Oct 2013 23:58:15 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 785e9625-a4c3-4516-b59e-a0c72040fdac X-Archives-Hash: 6eaf5b4dd6447055ca6b3aa3bb87c6f5 creffett 13/10/25 23:58:15 Added: glsa-201310-15.xml Log: GLSA 201310-15 Revision Changes Path 1.1 xml/htdocs/security/en/glsa/glsa-201310-15.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201310-15.xml?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201310-15.xml?rev=1.1&content-type=text/plain Index: glsa-201310-15.xml =================================================================== GNU Automake: Multiple vulnerabilities Multiple vulnerabilities have been found in GNU Automake, allowing local arbitrary command execution with the privileges of the user running an Automake-based build. automake October 25, 2013 October 25, 2013: 1 295357 426336 local 1.11.6 1.11.6

GNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details.

A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build.

There is no known workaround at this time.

All Automake users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/automake-1.11.6" CVE-2009-4029 CVE-2012-3386 underling phajdan.jr