Bug#570850: automake: Typo ? when marking fixed for oldstable

2012-01-29 Thread Serafeim Zanikolas 
notfixed 570850 1:1.10.3-1
thanks

On Sun, Jan 29, 2012 at 05:03:51PM +0900, Osamu Aoki wrote:
> Hi,
> 
> This is for bug #570850: automake: Fix CVE-2009-4029 in Lenny/stable
> 
>  Reported by: Sylvain Beucler 
>  Date: Sun, 21 Feb 2010 21:06:01 UTC
>  Severity: grave
>  Tags: patch, security
>  Found in version automake1.10/1:1.10.1-3
>  Fixed in versions automake1.11/1:1.11.1-1, 1:1.10.3-1, 1:1.4-p6-13.1
> 
> I was wondering on this page:
>  http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=21;bug=570850
> 
> It looks like the mail from Serafeim Zanikolas was meant 
>  * not for 1:1.10.3-1 (non-existing) as it was mailed
>  * but for 1:1.10.1-3 (oldstable)
> 
> If this was typo, please resend this request with correct version.

sorry for the confusion. stable is fixed, oldstable (1:1.10.1-3, based on
upstream 1.10-1.10.1) is not

below the adapted patch for oldstable.

cheers,
sez

diff --git a/Makefile.in b/Makefile.in
index e59cb16..484a907 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -434,7 +434,7 @@ distdir: $(DISTFILES)
$(MAKE) $(AM_MAKEFLAGS) \
  top_distdir="$(top_distdir)" distdir="$(distdir)" \
  dist-hook
-   -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+   -find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index cbbe3c0..52bfc82 100644
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -213,7 +213,7 @@ endif %?DIST-TARGETS%
 ## the file in place in the source tree.
 ##
 if %?TOPDIR_P%
-   -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+   -find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#570850: automake: Typo ? when marking fixed for oldstable

2012-01-29 Thread Osamu Aoki 
Hi,

This is for bug #570850: automake: Fix CVE-2009-4029 in Lenny/stable

 Reported by: Sylvain Beucler 
 Date: Sun, 21 Feb 2010 21:06:01 UTC
 Severity: grave
 Tags: patch, security
 Found in version automake1.10/1:1.10.1-3
 Fixed in versions automake1.11/1:1.11.1-1, 1:1.10.3-1, 1:1.4-p6-13.1

I was wondering on this page:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=21;bug=570850

It looks like the mail from Serafeim Zanikolas was meant 
 * not for 1:1.10.3-1 (non-existing) as it was mailed
 * but for 1:1.10.1-3 (oldstable)

If this was typo, please resend this request with correct version.

Osamu



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org