Gentoo Bug 162700 - app-i18n/kurso-de-esperanto-3.0 - world writeable bit on all files

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	162700
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Flemming Richter <quatrox@gmail.com>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 162700 depends on:			Show dependency tree
Bug 162700 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-01-18 20:10 0000

When I try to emerge app-i18n/kurso-de-esperanto-3.0, I get this notice on all
the files:

 * QA Notice: Pre-stripped files found:
 * /var/tmp/portage/app-i18n/kurso-de-esperanto-3.0/image/opt/kurso/bin/kurso3
/var/tmp/portage/app-i18n/kurso-de-esperanto-3.0/image/opt/kurso/lib/libborqt-6.9-qt2.3.so
QA Security Notice:
- /opt/kurso/fonts/Menu_2.xfm will be a world writable file.
- This may or may not be a security problem, most of the time it is one.
- Please double check that kurso-de-esperanto-3.0 really needs a world
writeable bit and file bugs accordingly.


Reproducible: Always

Steps to Reproduce:
1. emerge app-i18n/kurso-de-esperanto-3.0

------- Comment #1 From Matthias Geerdsen 2007-01-26 12:08:11 0000 -------

confirmed... the tarball contains indeed world-writeable files, only had a
quick look, but it seems that only fonts/html/... seem to be world-writable,
not the binary

vapier, you committed this a long while ago, want to fix it?
otherwise we should mask it until there is a maintainer

------- Comment #2 From SpanKY 2007-01-27 11:48:07 0000 -------

lame, just fix the freaking package

3.0-r1 in portage

------- Comment #3 From Matthias Geerdsen 2007-01-27 19:03:28 0000 -------

unsure about the rating...

security, please vote

------- Comment #4 From Vic Fryzel (shellsage) (RETIRED) 2007-01-27 21:37:07 0000 -------

I vote no.

------- Comment #5 From Sune Kloppenborg Jeppesen 2007-01-27 22:47:52 0000 -------

another NO vote.

------- Comment #6 From Raphael Marichez 2007-02-10 19:43:10 0000 -------

closing

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 162700

app-i18n/kurso-de-esperanto-3.0 - world writeable bit on all files

Last modified: 2007-02-10 19:43:10 0000