Hi!

I am trying to install a program which as lead me to install Automake.

I've found out here (http://www.gentoo.org/security/en/glsa/glsa-200404-08.xml) that the version 1.8 has vulnerability symbolic link attack (which I haven't got a clue about this attach could take place, have you?)

There is a new version 1.9 which is the one I have installed, How can I track to see if this issue as been solved? to make sure I am not making my system vulnerable?

The page says:


Vulnerable versions <= 1.8.5-r2
and

Unaffected versions >= 1.8.5-r3, revision >= 1.7.9-r1, < 1.7

so you have to check the versions of Automake

You can use Synaptic Package Manager to check the version or alternatively, Software Center, just type "Automake" and click "Show XXX Technical items" in the bottom left corner, if the result is not displayed automatically.

The page says:


and


so you have to check the versions of Automake

You can use Synaptic Package Manager to check the version or alternatively, Software Center, just type "Automake" and click "Show XXX Technical items" in the bottom left corner, if the result is not displayed automatically.


What Ubuntu do you have? I went to "Ubuntu Software Center" and I can see the package but when I click on "more info" nothing come up!

I have installed the 1.9 so should be OK!

I have Maverick 10.10 64bit (as my avatar says ;))

If you use one of the new versions, clicking on "more info" in technical items might be disabled :confused:

But if the caption of the item tells you the version (and its unaffected versions list), then its okay.

PS. I did not explicitly mention, that in installed item has a green circle with a check in the bottom right corner of the icon. Alternatively, you can browse the "installed packages" section.