svn commit: r302244 - head/security/vuxml

Wesley Shields wxs at FreeBSD.org
Tue Aug 7 15:57:27 UTC 2012 

Author: wxs
Date: Tue Aug  7 15:57:26 2012
New Revision: 302244
URL: http://svn.freebsd.org/changeset/ports/302244

Log:
  Fix up whitespace in 10f38033-e006-11e1-9304-000000000000.
  Replace broken vid in 10f38033-e006-11e1-9304-000000000000 with one that is
  correct.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Aug  7 14:48:56 2012	(r302243)
+++ head/security/vuxml/vuln.xml	Tue Aug  7 15:57:26 2012	(r302244)
@@ -87,7 +87,7 @@ Note:  Please add new entries to the beg
     </dates>
   </vuln>
 
-  <vuln vid="10f38033-e006-11e1-9304-000000000000">
+  <vuln vid="36235c38-e0a8-11e1-9f4d-002354ed89bc">
     <topic>automake -- Insecure 'distcheck' recipe granted world-writable distdir</topic>
     <affects>
       <package>
@@ -100,15 +100,17 @@ Note:  Please add new entries to the beg
 	<p>GNU reports:</p>
 	<blockquote cite="https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html">
 	  <p>The recipe of the 'distcheck' target granted temporary
-world-write permissions on the extracted distdir.  This introduced
-a locally exploitable race condition for those who run "make distcheck"
-with a non-restrictive umask (e.g., 022) in a directory that was
-accessible by others.  A successful exploit would result in arbitrary
-code execution with the privileges of the user running "make distcheck".</p>
+	    world-write permissions on the extracted distdir.  This introduced
+	    a locally exploitable race condition for those who run "make
+	    distcheck" with a non-restrictive umask (e.g., 022) in a directory
+	    that was accessible by others.  A successful exploit would result
+	    in arbitrary code execution with the privileges of the user
+	    running "make distcheck".</p>
 	  <p>It is important to stress that this vulnerability impacts not only
-the Automake package itself, but all packages with Automake-generated
-makefiles.  For an effective fix it is necessary to regenerate the
-Makefile.in files with a fixed Automake version.</p>
+	    the Automake package itself, but all packages with
+	    Automake-generated makefiles.  For an effective fix it is necessary
+	    to regenerate the Makefile.in files with a fixed Automake
+	    version.</p>
 	</blockquote>
       </body>
     </description>
@@ -119,6 +121,7 @@ Makefile.in files with a fixed Automake 
     <dates>
       <discovery>2012-07-09</discovery>
       <entry>2012-08-06</entry>
+      <modified>2012-08-07</modified>
     </dates>
   </vuln>

More information about the svn-ports-all mailing list