First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 93558
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Jürgen Hötzel <gentoo@hoetzel.info>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
silvercity-0.9.5-r1.ebuild.patch Patch for silvercity-0.9.5.ebuild patch Jürgen Hötzel 2005-05-22 08:18 0000 499 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 93558 depends on: Show dependency tree
Bug 93558 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-05-22 08:17 0000 
# ls -l /usr/bin/*.py
-rwxrwxrwx  1 root root 4443 May 22 16:58 /usr/bin/cgi-styler-form.py
-rwxrwxrwx  1 root root 2990 May 22 16:58 /usr/bin/cgi-styler.py
-rwxrwxrwx  1 root root 3776 May 22 16:58 /usr/bin/source2html.py

This is because the source tarball comes with these permissions.

enclosed ebuild patch also contains fix for a CR/LF and python-path issue:

# source2html.py 
: No such file or directory

I think upstream creates packages under windows.

J

------- Comment #1 From Jürgen Hötzel 2005-05-22 08:17:39 0000 ------- 
# ls -l /usr/bin/*.py
-rwxrwxrwx  1 root root 4443 May 22 16:58 /usr/bin/cgi-styler-form.py
-rwxrwxrwx  1 root root 2990 May 22 16:58 /usr/bin/cgi-styler.py
-rwxrwxrwx  1 root root 3776 May 22 16:58 /usr/bin/source2html.py

This is because the source tarball comes with these permissions.

enclosed ebuild patch also contains fix for a CR/LF and python-path issue:

# source2html.py 
: No such file or directory

I think upstream creates packages under windows.

Jürgen

------- Comment #2 From Jürgen Hötzel 2005-05-22 08:18:48 0000 ------- 
Created an attachment (id=59544) [details]
Patch for silvercity-0.9.5.ebuild

------- Comment #3 From Jürgen Hötzel 2005-05-31 14:39:32 0000 ------- 
This is also a security issue: Users can modify silvercity executables.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-06-01 00:54:01 0000 ------- 
web-apps: please patch

------- Comment #5 From Aaron Walker (RETIRED) 2005-06-01 08:57:30 0000 ------- 
0.9.5-r1 in cvs, x86 stable. ppc please stable, and if you'd be so kind remove
that old ebuild.

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2005-06-02 14:17:53 0000 ------- 
Stable on ppc.

------- Comment #7 From Thierry Carrez (RETIRED) 2005-06-03 00:42:06 0000 ------- 
Ready for GLSA vote.
This is somewhat between a "default config" and vulnerability so I'm not sure. I
guess we should issue one...

------- Comment #8 From Matthias Geerdsen 2005-06-06 04:59:06 0000 ------- 
I think we should issue one.

------- Comment #9 From Thierry Carrez (RETIRED) 2005-06-06 11:24:03 0000 ------- 
solar voted yes. Let's have a GLSA

------- Comment #10 From Sune Kloppenborg Jeppesen 2005-06-08 08:49:37 0000 ------- 
GLSA 200506-05
First Last Prev Next    No search results available      Search page      Enter new bug