News: Upload security verification
Show feedback again
Latest News
Compulsory HTTPS posted by gray, Thu Jul 13 21:30:30 2017 - 0 replies
New SSL certificate posted by gray, Tue Jul 12 17:33:53 2016 - 0 replies
Planned maintenance: stage 2 posted by gray, Thu Mar 12 12:07:09 2015 - 0 replies
Planned maintenance posted by gray, Thu Mar 12 12:04:30 2015 - 0 replies
Out-of-band notification service posted by gray, Wed Feb 19 09:17:56 2014 - 0 replies
[25 news in archive]
[25 news in archive]
Upload security verification
Item posted by Sergey Poznyakoff <gray> on Sun Jan 3 10:53:20 2010.
In response to the discovery of a potential security problem in Automake versions up to 1.11 (CVE-2009-4029), Puszcza now enforces a security verification procedure on distribution uploads. Any uploaded tarball whose top-level Makefile.in contains this security hole will be rejected. Please, make sure the tarballs you upload are created using Automake v. 1.11.1 (or later).
For more information on CVE-2009-4029, refer to http://thread.gmane.org/gmane.comp.sysutils.autotools.announce/131.
Comments:
No messages in Upload security verification
Show feedback again