Bug 162700 - app-i18n/kurso-de-esperanto-3.0 - world writeable bit on all files
|
Bug#:
162700
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: quatrox@gmail.com
|
|
Component: Vulnerabilities
|
|
|
URL:
|
|
Summary: app-i18n/kurso-de-esperanto-3.0 - world writeable bit on all files
|
|
Keywords:
|
|
Status Whiteboard: B3?? [noglsa]
|
|
Opened: 2007-01-18 20:10 0000
|
When I try to emerge app-i18n/kurso-de-esperanto-3.0, I get this notice on all
the files:
* QA Notice: Pre-stripped files found:
* /var/tmp/portage/app-i18n/kurso-de-esperanto-3.0/image/opt/kurso/bin/kurso3
/var/tmp/portage/app-i18n/kurso-de-esperanto-3.0/image/opt/kurso/lib/libborqt-6.9-qt2.3.so
QA Security Notice:
- /opt/kurso/fonts/Menu_2.xfm will be a world writable file.
- This may or may not be a security problem, most of the time it is one.
- Please double check that kurso-de-esperanto-3.0 really needs a world
writeable bit and file bugs accordingly.
Reproducible: Always
Steps to Reproduce:
1. emerge app-i18n/kurso-de-esperanto-3.0
confirmed... the tarball contains indeed world-writeable files, only had a
quick look, but it seems that only fonts/html/... seem to be world-writable,
not the binary
vapier, you committed this a long while ago, want to fix it?
otherwise we should mask it until there is a maintainer
lame, just fix the freaking package
3.0-r1 in portage
unsure about the rating...
security, please vote
