From: Stefano Lattarini <stefano.lattarini@gmail.com>
Date: Mon, 9 Jul 2012 16:20:33 +0000 (+0200)
Subject: news: improve wording in entry about CVE-2012-3386
X-Git-Tag: v1.12.3~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5243fda46ffffef0762098ce1aa2039db43ce479;p=thirdparty%2Fautomake.git

news: improve wording in entry about CVE-2012-3386

Signed-off-by: Stefano Lattarini <stefano.lattarini@gmail.com>
---

diff --git a/NEWS b/NEWS
index 800c7ebdd..8475ac25e 100644
--- a/NEWS
+++ b/NEWS
@@ -99,12 +99,12 @@ Bugs fixed in 1.12.2:
 
 * SECURITY VULNERABILITIES!
 
-  - The recipe of the 'distcheck' no longer grants anymore temporary
-    world-wide write permissions on the extracted distdir.  Even if such
-    rights were only granted for a vanishingly small time window, the
-    implied race condition proved to be enough to allow a local attacker
-    to run arbitrary code with the privileges of the user running "make
-    distcheck".  This is CVE-2012-3386.
+  - The 'distcheck' recipe no longer grants temporary world-write
+    permissions on the extracted distdir.  Even if such rights were
+    only granted for a vanishingly small time window, the implied
+    race condition proved to be enough to allow a local attacker
+    to run arbitrary code with the privileges of the user running
+    "make distcheck".  This is CVE-2012-3386.
 
 * Long-standing bugs: