-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The following gnulib files use an undocumented autoconf macro AC_TRY_EVAL, which is buggy because it does not prevent against shell glob expansion and could end up invoking arbitrary commands according to the contents of the current directory. We need to switch these over to using documented commands, particularly since I'm thinking of removing AC_TRY_EVAL from the next version of autoconf because of its security risks. locale-fr.m4 locale-tr.m4 locale-zh.m4 printf.m4 - -- Don't work too hard, make some time for fun as well! Eric Blake ebb9@xxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkAbnoACgkQ84KuGfSFAYDJqQCgynEDW8UECvxiqXFTAPlIkCkw +XEAoNWx9KZdVy5wTq4QPBl+TjXx84tL =EC1G -----END PGP SIGNATURE----- _______________________________________________ Autoconf mailing list Autoconf@xxxxxxx http://lists.gnu.org/mailman/listinfo/autoconf
