Summary: | dev-util/spe installs world writable files | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bryan Østergaard (RETIRED) <kloeri> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | marduk |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Bryan Østergaard (RETIRED)
2005-10-08 14:25:16 UTC
This one is ready for GLSA decision. I think it's worth one. World writeable executables are bad. Let's have a GLSA. Fixed in 0.7.5c-r1. If x86 team wants 0.5.x fixed instead I can do that but I'd prefer stabling 0.7.5c-r1 as 0.5.x has a number of other bugs and should be removed imo. x86 please test and mark stable. We can't mark it stable until this problem is resolved: dev-util/spe/spe-0.7.5c-r1.ebuild: x86(default-linux/x86/2005.0) ['>=dev-python/wxpython-2.6.0.0'] Maybe simpler to bump 0.5.x with the fix ? wxpython-2.6* should be marked stable later tonight. I still prefer stabling spe-0.7* and removing the troublesome 0.5* versions. wxpython is still not stable. Which version should be marked stable? I can test both packages and mark them both. afaik only 0.7.5c-r1 is fixed. I think he was looking for the wxpython version to mark stable. No clue, waiting for kloeri. (In reply to comment #11) > I think he was looking for the wxpython version to mark stable. No clue, waiting > for kloeri. Yea, I was asking about the wxpython version. Sorry for not being clear. I just added 0.5.1f-r1 to the tree as I don't want to wait for wxpython-2.6 to go stable any longer. Done on x86, thanks kloeri. GLSA 200510-13 *** Bug 108494 has been marked as a duplicate of this bug. *** |