Summary: | net-im/mu-conference: system executable owned by non-root user | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | maintainer-needed |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Orlitzky
2017-08-31 01:52:05 UTC
Is this a Gentoo specific issue? it may be good to report upstream about this. Gentoo Security Padawan ChrisADR The ebuild does, fowners jabber:jabber /usr/bin/mu-conference so it's probably not an upstream issue. If the maintainer deletes that line and if /usr/bin/mu-conference is still owned by an unprivileged user, then we can blame upstream. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=078f330fe5a44d365eccd9da4d83b90378921da7 commit 078f330fe5a44d365eccd9da4d83b90378921da7 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-03-03 17:10:33 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-03-03 17:10:33 +0000 net-im/mu-conference: Removed from repository Bug: https://bugs.gentoo.org/629416 net-im/mu-conference/Manifest | 1 - net-im/mu-conference/files/mu-conference-0.7.init | 25 ------ .../files/mu-conference-0.8.81-sha1_64bit.patch | 31 ------- net-im/mu-conference/metadata.xml | 6 -- .../mu-conference/mu-conference-0.8.81-r2.ebuild | 94 ---------------------- 5 files changed, 157 deletions(-)} Package was removed from repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=078f330fe5a44d365eccd9da4d83b90378921da7. Package wasn't marked stable, therefore no removal GLSA is required. Repository is clean, all done. |