search

wangqing09 / google-breakpad

Automatically exported from code.google.com/p/google-breakpad
0 stars 0 forks source link

CVE-2009-4029 vulnerability #365

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The dist or distcheck rules in GNU Automake 1.11.1, 1.10.3, and release
branches branch-1-4 through branch-1-9, when producing a distribution tarball
for a package that uses Automake, assign insecure permissions (777) to
directories in the build tree, which introduces a race condition that allows
local users to modify the contents of package files, introduce Trojan horse
programs, or conduct other attacks before the build is complete.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4029

Please consider to recreate Makefile.in using a new version of automake.

Original issue reported on code.google.com by gscriv...@gmail.com on 26 Jan 2010 at 1:47

GoogleCodeExporter commented 9 years ago 
The proposed fix

Original comment by gscriv...@gmail.com on 26 Jan 2010 at 2:06

Attachments:

GoogleCodeExporter commented 9 years ago 
jimb fixed this in r506.

Thanks for the report!

Original comment by ted.mielczarek on 2 Feb 2010 at 7:14