[commit-womb] gnumaint .cvsignore Makefile template-cveauto.txt


From: karl
Subject: [commit-womb] gnumaint .cvsignore Makefile template-cveauto.txt
Date: Sun, 10 Mar 2013 21:39:09 +0000

CVSROOT:        /sources/womb
Module name:    gnumaint
Changes by:     karl <karl>     13/03/10 21:39:09

Modified files:
        .              : .cvsignore Makefile 
Added files:
        .              : template-cveauto.txt 

Log message:
        cveauto bulk email

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnumaint/.cvsignore?cvsroot=womb&r1=1.11&r2=1.12
http://cvs.savannah.gnu.org/viewcvs/gnumaint/Makefile?cvsroot=womb&r1=1.46&r2=1.47
http://cvs.savannah.gnu.org/viewcvs/gnumaint/template-cveauto.txt?cvsroot=womb&rev=1.1

Patches:
Index: .cvsignore
===================================================================
RCS file: /sources/womb/gnumaint/.cvsignore,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- .cvsignore  3 Mar 2013 23:59:52 -0000       1.11
+++ .cvsignore  10 Mar 2013 21:39:09 -0000      1.12
@@ -7,4 +7,4 @@
 pkgnames.frommaint
 pkgnames.fromdir
 fsd
-pkglist-fsfpackages.txt
+pkglist-*.txt
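
Review bot: The new last line, `pkglist-*.txt`, ignores every pkglist file rather than the one named file it replaces. The Makefile in this same commit passes pkglist-cveauto.txt and pkglist-fsfpackages.txt to gm with -p as input lists. If any such list is maintained by hand and meant to be committed, cvs will no longer flag it as unknown, and it can go missing from the repository unnoticed. If all of them are generated, a short comment in the Makefile saying which target produces them would make that clear.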

Index: Makefile
===================================================================
RCS file: /sources/womb/gnumaint/Makefile,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -b -r1.46 -r1.47
--- Makefile    3 Mar 2013 23:59:52 -0000       1.46
+++ Makefile    10 Mar 2013 21:39:09 -0000      1.47
@@ -1,4 +1,4 @@
-# $Id: Makefile,v 1.46 2013/03/03 23:59:52 karl Exp $
+# $Id: Makefile,v 1.47 2013/03/10 21:39:09 karl Exp $
 # Copyright 2007, 2008, 2009, 2010, 2011, 2012, 2013
 # Free Software Foundation, Inc.
 #
@@ -28,8 +28,8 @@
        gm generate maintainers bypackage
 
 test-genemail email:
-       gm generate email bypackage -o msg.1302 -p pkglist-cveauto.txt -t 
template-cveauto.txt
-       ls msg.1302/
+       gm generate email bypackage -o msg.1303 -p pkglist-cveauto.txt -t 
template-cveauto.txt
+       ls msg.1303/
 
 email-1201:
        gm generate email bypackage -o msg.1201 -p pkglist-fsfpackages.txt -t 
template-copyright.txt
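
Review bot: The output directory is hard-coded twice in the test-genemail/email recipe (`-o msg.1303` and `ls msg.1303/`), so each new mailing needs both lines edited in step, as this revision does for 1302 to 1303. A single make variable (for example a hypothetical `MSGDIR = msg.1303`) used in both places would remove the chance of listing a different directory from the one just written. Since `test-genemail` and `email` share this recipe, it is also worth a comment that the target only generates messages into the directory and does not send them, if that is the case.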

Index: template-cveauto.txt
===================================================================
RCS file: template-cveauto.txt
diff -N template-cveauto.txt
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ template-cveauto.txt        10 Mar 2013 21:39:09 -0000      1.1
@@ -0,0 +1,39 @@
+From: address@hidden (GNU Project)
+To: %PACKAGE_MAINTAINERS
+Subject: %PACKAGE_NAME and Automake-related vulnerabilities
+Precedence: bulk
+
+Greetings,
+
+I'm sending you this message on behalf of GNU because as far as we know,
+you are the maintainer(s) of %PACKAGE_NAME.  (If you're not maintaining
+it, please reply to let me know.)
+
+Two vulnerabilities related to Automake-generated Makefiles and the dist
+and distcheck target were discovered some time ago.  It seemed to me
+that the latest release of %PACKAGE_NAME on ftp.gnu.org was still
+vulnerable to one or both.  They are:
+  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029
+  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
+
+(If you did make a later release that fixes these issues, don't worry
+about this email, and sorry for the noise.  I could not determine
+the status with absolute certainty.)
+
+The issues were fixed in automake releases 1.12.2 and 1.11.6.  So the
+simplest way to mitigate them is to regenerate the Makefiles using an
+automake that is at least that new and re-release.  If you don't want to
+do that, you can also hack the Makefiles to fix the problem by hand:
+  http://lists.gnu.org/archive/html/savannah-hackers/2012-12/msg00049.html
+
+Although these vulnerabilities do not have a high probability of being
+exploited, of course we want GNU software to be safe.  So it would be
+good to make a new release, even if it's just to fix these bugs.  Of
+course other fixes or features are all to the good.
+
+As usual, aside from this issue, if you have any news or questions
+regarding the package, please let me know at address@hidden
+Thanks for contributing to GNU, and happy hacking.
+
+Karl Berry
+Assistant Chief GNUisance
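
Review bot: In the paragraph naming the fixed releases, "an automake that is at least that new" is ambiguous when two versions are given (1.12.2 and 1.11.6): a maintainer on a 1.12 release earlier than 1.12.2 has something newer than 1.11.6 and could read the sentence as meaning they are already covered. Suggest spelling out both branches, for example "1.11.6 or later in the 1.11 series, or 1.12.2 or later". The template also gives recipients no way to check for themselves which automake version produced their released Makefiles; one sentence on how to confirm that would reduce replies, given the message itself admits the status could not be determined with certainty.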
