Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-13 Thread Eric Dorland
* Stefano Lattarini (stefano.lattar...@gmail.com) wrote: > On 07/13/2012 12:51 PM, Diego Elio Pettenò wrote: > > On 13/07/2012 10:50, Stefano Lattarini wrote: > >> Well, I'm really disappointed that nobody reported this upstream to us; > >> our non-Debian users would have been saved from two a

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-13 Thread Stefano Lattarini
On 07/13/2012 12:51 PM, Diego Elio Pettenò wrote: > On 13/07/2012 10:50, Stefano Lattarini wrote: >> Well, I'm really disappointed that nobody reported this upstream to us; >> our non-Debian users would have been saved from two and a half years of >> potential vulnerability :-/ > > It's worth

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-13 Thread Diego Elio Pettenò
On 13/07/2012 10:50, Stefano Lattarini wrote: > Well, I'm really disappointed that nobody reported this upstream to us; > our non-Debian users would have been saved from two and a half years of > potential vulnerability :-/ It's worth noting that I just checked and Gentoo also applies the sam

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-13 Thread Stefano Lattarini
On 07/12/2012 11:26 PM, Eric Dorland wrote: > > Thanks! It looks like this was actually fixed in Debian a few years > ago as part of the CVE-2009-4029 > (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4029) fix. > Well, I'm really disappointed that nobody reported this upstream to us; our

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-12 Thread Eric Dorland
* Stefano Lattarini (stefano.lattar...@gmail.com) wrote: > On 07/12/2012 08:23 PM, Eric Dorland wrote: > > * Stefano Lattarini (stefano.lattar...@gmail.com) wrote: > >> On 07/10/2012 12:14 AM, Eric Dorland wrote: > >>> > >>> Are older versions of automake also vulnerable? > >>> > >> Yes, all those

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-12 Thread Stefano Lattarini
On 07/12/2012 08:23 PM, Eric Dorland wrote: > * Stefano Lattarini (stefano.lattar...@gmail.com) wrote: >> On 07/10/2012 12:14 AM, Eric Dorland wrote: >>> >>> Are older versions of automake also vulnerable? >>> >> Yes, all those back to 1.4 (at least). Sorry for not stating that >> explicitly. > >

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-12 Thread Eric Dorland
* Stefano Lattarini (stefano.lattar...@gmail.com) wrote: > On 07/10/2012 12:14 AM, Eric Dorland wrote: > > > > Are older versions of automake also vulnerable? > > > Yes, all those back to 1.4 (at least). Sorry for not stating that > explicitly. So I'm not obviously finding this vulnerability in

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-10 Thread tsuna
On Tue, Jul 10, 2012 at 1:12 PM, Eric Dorland wrote: > I'll probably spend my time instead trying to remove automake 1.4 from > Debian at this point since it's super old. Yes please! I think at this point "super old" is quite an understatement :) -- Benoit "tsuna" Sigoure Software Engineer @ w

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-10 Thread Eric Dorland
* Stefano Lattarini (stefano.lattar...@gmail.com) wrote: > On 07/10/2012 12:40 AM, Eric Dorland wrote: > > * Stefano Lattarini (stefano.lattar...@gmail.com) wrote: > >> On 07/10/2012 12:14 AM, Eric Dorland wrote: > >>> > >>> Are older versions of automake also vulnerable? > >>> > >> Yes, all thos

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-09 Thread Dmitry V. Levin
Hi, On Tue, Jul 10, 2012 at 12:08:38AM +0200, Stefano Lattarini wrote: > Hi Dmitry. > > On 07/09/2012 11:34 PM, Dmitry V. Levin wrote: > > On Mon, Jul 09, 2012 at 06:14:03PM +0200, Stefano Lattarini wrote: > >> This message announces the Automake 1.11.6 bug-fixing release. > > > > Could you push

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-09 Thread Dmitry V. Levin
On Mon, Jul 09, 2012 at 06:14:03PM +0200, Stefano Lattarini wrote: > This message announces the Automake 1.11.6 bug-fixing release. Could you push refs/heads/branch-1.11 and refs/tags/v1.11.6, please? -- ldv

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-09 Thread Stefano Lattarini
On 07/10/2012 12:40 AM, Eric Dorland wrote: > * Stefano Lattarini (stefano.lattar...@gmail.com) wrote: >> On 07/10/2012 12:14 AM, Eric Dorland wrote: >>> >>> Are older versions of automake also vulnerable? >>> >> Yes, all those back to 1.4 (at least). Sorry for not stating that >> explicitly. >

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-09 Thread Eric Dorland
* Stefano Lattarini (stefano.lattar...@gmail.com) wrote: > On 07/10/2012 12:14 AM, Eric Dorland wrote: > > > > Are older versions of automake also vulnerable? > > > Yes, all those back to 1.4 (at least). Sorry for not stating that > explicitly. Awesome :) Is there a diff or git commit I can loo

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-09 Thread Stefano Lattarini
On 07/10/2012 12:14 AM, Eric Dorland wrote: > > Are older versions of automake also vulnerable? > Yes, all those back to 1.4 (at least). Sorry for not stating that explicitly. Regards, Stefano

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-09 Thread Eric Dorland
* Stefano Lattarini (stefano.lattar...@gmail.com) wrote: > This message announces the Automake 1.11.6 bug-fixing release. > > This release FIXES A SECURITY VULNERABILITY (CVE-2012-3386), so you are > strongly encouraged to upgrade your existing Automake installation ASAP. > > With this release, t

Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-09 Thread Stefano Lattarini
Hi Dmitry. On 07/09/2012 11:34 PM, Dmitry V. Levin wrote: > On Mon, Jul 09, 2012 at 06:14:03PM +0200, Stefano Lattarini wrote: >> This message announces the Automake 1.11.6 bug-fixing release. > > Could you push refs/heads/branch-1.11 > This branch is not active anymore, having been discontinued

GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

2012-07-09 Thread Stefano Lattarini
This message announces the Automake 1.11.6 bug-fixing release. This release FIXES A SECURITY VULNERABILITY (CVE-2012-3386), so you are strongly encouraged to upgrade your existing Automake installation ASAP. With this release, the recipe of the 'distcheck' target no longer grants temporary world-