Ubuntu
automake1.11 package

Upgrade package version to 1.11.1

Bug #526035 reported by Javier Jardón
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
automake1.11 (Ubuntu)
Fix Released
Undecided
Unassigned
Karmic
Won't Fix
Undecided
Unassigned

Bug Description

Automake 1.11 are known to be suffering from critical security issues: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html

ProblemType: Bug
Architecture: amd64
Date: Mon Feb 22 22:40:28 2010
DistroRelease: Ubuntu 9.10
Package: automake 1:1.11-1
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=es_ES.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-19.56-generic
SourcePackage: automake1.11
Uname: Linux 2.6.31-19-generic x86_64
XsessionErrors:
 (gnome-settings-daemon:2663): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
 (polkit-gnome-authentication-agent-1:2732): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
 (nautilus:2723): Eel-CRITICAL **: eel_preferences_get_boolean: assertion `preferences_is_initialized ()' failed
 (gnome-panel:2720): Gdk-WARNING **: /build/buildd/gtk+2.0-2.18.3/gdk/x11/gdkdrawable-x11.c:952 drawable is not a pixmap or window

CVE References

Revision history for this message
Javier Jardón (jjardon) wrote :
Javier Jardón (jjardon)
visibility: private → public
Jamie Strandboge (jdstrand)
Changed in automake1.11 (Ubuntu):
status: New → Confirmed
Revision history for this message
Artur Rona (ari-tczew) wrote :

automake1.11 (1:1.11.1-1) unstable; urgency=low

  * New upstream release. Contains fix for CVE-2009-4029, which created
    world-writable directories in distribution tarballs.
  * debian/source/format, debian/source/options,
    debian/source/patch-header: Convert to v3 quilt format, with
    single-debian-patch.
  * debian/control: Update autoconf dependency to >= 2.62. (Closes: #556175)
  * debian/lintian.overrides, debian/automake.lintian-overrides: Rename
    overrides file to use new dh_lintian helper.
  * debian/rules, debian/control, debian/compat: Convert to a dh style
    rules file, change debhelper dependency and compat file to match.
 -- Ubuntu Archive Auto-Sync <email address hidden> Mon, 01 Feb 2010 23:57:09 +0000

Changed in automake1.11 (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Reuben Thomas (rrt) wrote :

Since this is a security issue, will there be updates in current releases as well as lucid?

Revision history for this message
Reuben Thomas (rrt) wrote :

To give an example of a practical problem: I am a GNU developer, and GNU is now refusing uploads of new releases of code built with vulnerable Makefile.in's. This means that for projects I maintain I have to install automake 1.11.1 on my machines in order to be able to make new releases.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. karmic has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against karmic is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

tags: added: karmic
Changed in automake1.11 (Ubuntu Karmic):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.