Bug 126475 - media-libs/portaudio-18.1-r3 creates a world writable file in /usr/include/
|
Bug#:
126475
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: minor
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: ikelos@gentoo.org
|
|
Component: Vulnerabilities
|
|
|
URL:
|
|
Summary: media-libs/portaudio-18.1-r3 creates a world writable file in /usr/include/
|
|
Keywords:
|
|
Status Whiteboard: B4 [noglsa] DerCorny
|
|
Opened: 2006-03-16 18:29 0000
|
Hi, I wasn't sure whether to post this under the Applications component or the
security component. I eventually decided on security, but have made it a minor
issue. Sorry if that's the wrong place...
Whilst emerging portaudio I spotted the following notice:
QA Security Notice:
- /usr/include/portaudio/portaudio.h will be a world writable file.
- This may or may not be a security problem, most of the time it is one.
- Please double check that portaudio-18.1-r3 really needs a world writeable bit
and file bugs accordingly.
I'm guessing the include file doesn't actually have to be installed world
writable, and I guess technically someone malicious could alter it so as to
backdoor any program relying on portaudio, maybe, perhaps. It's a bit tenuous,
but it seems easily fixed.
If you need any further information, please let me know...
sound please check and provide a new ebuild if necessary, thank you.
arm, ia64, and sh should mark stable. Only 18.1-r3 is affected. I marked
amd64, sparc, ppc64, and x86 stable since I test on those archs. I don't think
a GLSA is neccessary.
Thx Jeremy.
This one is ready for GLSA decision. I tend to vote NO.
arm, ia64, and sh please test and mark stable.
> I don't think
> a GLSA is neccessary.
Same thing here.
