162700 2007-01-18 20:10 0000 app-i18n/kurso-de-esperanto-3.0 - world writeable bit on all files 2007-02-10 19:43:10 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED B3?? [noglsa] P2 normal --- 1 quatrox@gmail.com security@gentoo.org quatrox@gmail.com 2007-01-18 20:10:28 0000 When I try to emerge app-i18n/kurso-de-esperanto-3.0, I get this notice on all the files: * QA Notice: Pre-stripped files found: * /var/tmp/portage/app-i18n/kurso-de-esperanto-3.0/image/opt/kurso/bin/kurso3 /var/tmp/portage/app-i18n/kurso-de-esperanto-3.0/image/opt/kurso/lib/libborqt-6.9-qt2.3.so QA Security Notice: - /opt/kurso/fonts/Menu_2.xfm will be a world writable file. - This may or may not be a security problem, most of the time it is one. - Please double check that kurso-de-esperanto-3.0 really needs a world writeable bit and file bugs accordingly. Reproducible: Always Steps to Reproduce: 1. emerge app-i18n/kurso-de-esperanto-3.0 vorlon@gentoo.org 2007-01-26 12:08:11 0000 confirmed... the tarball contains indeed world-writeable files, only had a quick look, but it seems that only fonts/html/... seem to be world-writable, not the binary vapier, you committed this a long while ago, want to fix it? otherwise we should mask it until there is a maintainer vapier@gentoo.org 2007-01-27 11:48:07 0000 lame, just fix the freaking package 3.0-r1 in portage vorlon@gentoo.org 2007-01-27 19:03:28 0000 unsure about the rating... security, please vote shellsage@gentoo.org 2007-01-27 21:37:07 0000 I vote no. jaervosz@gentoo.org 2007-01-27 22:47:52 0000 another NO vote. falco@gentoo.org 2007-02-10 19:43:10 0000 closing