Package: zoph
Version: 0.3.3-12
Severity: normal

By default, zoph creates files and directories which are writeable by everyone. That's really bad security. Much safer defaults would be for IMPORT_UMASK to be 022 and DIR_MODE to be 0755 (set in /etc/zoph/config.inc.php).

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (101, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.8-6by9.5
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages zoph depends on:
ii  apache2-mpm-prefork [apach 2.0.54-4       traditional model for Apache2
ii  imagemagick                6:6.0.6.2-2.4  Image manipulation programs
ii  jhead                      2.3-2          manipulate the non-image part of E
ii  libdbd-mysql-perl          2.9006-1       A Perl5 database interface to the
ii  libdbi-perl                1.46-6         Perl5 database interface by Tim Bu
ii  libimage-size-perl         2.992-1        determine the size of images in se
ii  perl                       5.8.4-8        Larry Wall's Practical Extraction
ii  php4                       4:4.3.10-16    server-side, HTML-embedded scripti
ii  php4-gd                    4:4.3.10-16    GD module for php4
ii  php4-mysql                 4:4.3.10-16    MySQL module for php4
ii  unzip                      5.52-1         De-archiver for .zip files
ii  wwwconfig-common           0.0.43         Debian web auto configuration

-- no debconf information
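
An audit for the condition this report describes, added here as an example; it is not part of the original report and is not zoph code. It creates a sample tree under a given umask and directory mode, then lists every entry that other users can write to. The function names, the sample tree and the "weak" values (umask 000, mode 0777) are constructed stand-ins for world-writable defaults; 022 and 0755 are the values the report proposes.

```shell
#!/bin/sh
# Added example (not from the bug report or from zoph).
# Models an importer that creates a directory with an explicit mode
# (the role DIR_MODE plays) and a file under a umask (the role IMPORT_UMASK plays).

# make_sample ROOT UMASK DIRMODE
# ROOT is created private (0700) so that only the entries made below are measured.
make_sample() {
    mkdir -p "$1" && chmod 0700 "$1" || return 1
    (
        umask "$2"                       # affects the file created below
        mkdir -m "$3" "$1/album"         # explicit mode, as DIR_MODE would give
        : > "$1/album/photo.jpg"         # created as 0666 masked by the umask
    )
}

# list_world_writable DIR
# Prints every non-symlink entry under DIR that has the other-write bit set.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# count_world_writable DIR
# Same check, reduced to a number that a cron job or package test can compare to 0.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Demonstration on constructed data: weak settings beside the proposed ones.
demo_root=$(mktemp -d)
make_sample "$demo_root/weak" 000 0777
make_sample "$demo_root/safe" 022 0755
echo "weak settings: $(count_world_writable "$demo_root/weak") world-writable entries"
list_world_writable "$demo_root/weak"
echo "proposed settings: $(count_world_writable "$demo_root/safe") world-writable entries"
rm -rf "$demo_root"
```

Running `list_world_writable` against the real image directory after changing /etc/zoph/config.inc.php shows whether files created before the change still need a `chmod o-w`.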

