Hi,

a CVE has been created for the bug id below in the logol package.
In the meantime the issue has been fixed and uploaded.

Can anyone tell me how to manage CVEs? The CVE id is in the bug report, but should I do something else to describe the issue, tag it, ...?

Thanks

Olivier

-------- Original Message --------
Subject: [Debian-med-packaging] Bug#683647: Fwd: CVE ASSIGNMENT: logol: creates world writable directory: /var/lib/logol/results
Resent-Date: Fri, 03 Aug 2012 18:27:05 +0000
Resent-From: Andreas Beckmann <[email protected]>
Resent-To: [email protected]
Resent-CC: Debian Med Packaging Team <[email protected]>
Date: Fri, 03 Aug 2012 20:24:10 +0200
From: Andreas Beckmann <[email protected]>
Reply-To: Andreas Beckmann <[email protected]>, [email protected]
To: [email protected]

-------- Original Message --------
Subject: CVE ASSIGNMENT: logol: creates world writable directory: /var/lib/logol/results
Date: Fri, 03 Aug 2012 12:07:31 -0600
From: Kurt Seifried <[email protected]>
To: [email protected] <[email protected]>, Andreas Beckmann <[email protected]>

logol: creates world writable directory: /var/lib/logol/results

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683647

Package: logol
Version: 1.5.0-2
Severity: grave
Tags: security
Justification: user security hole
User: [email protected]
Usertags: piuparts

Hi,

during a test with piuparts I noticed that your package creates a world writable directory:

  drwxrwxrwx 2 root root 40 Jul 1 21:59 /var/lib/logol/results

There any local user may delete/replace arbitrary files that were not created by the user himself.

Andreas

Please use CVE-2012-3453 for this issue.
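The condition reported in the bug (a directory with mode drwxrwxrwx and no sticky bit) can be checked for mechanically. The script below is an added example, not part of the thread and not the piuparts check itself; the function names and the sample tree it builds in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: report directories that are world-writable but lack the
# sticky bit. In such a directory any local user can delete or rename
# entries owned by other users; with the sticky bit (as on /tmp, mode 1777)
# only the entry's owner, the directory's owner or root can.

find_unsafe_dirs() {
    # -perm -0002      : the "other" write bit is set
    # ! -perm -1000    : the sticky bit is not set
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

audit() {
    # Returns 1 and lists the offending directories if any are found.
    unsafe=$(find_unsafe_dirs "$1")
    if [ -n "$unsafe" ]; then
        printf 'world-writable without sticky bit:\n%s\n' "$unsafe"
        return 1
    fi
    return 0
}

make_sample_tree() {
    # Constructed sample tree mirroring the path from the bug report,
    # built under a temporary root so the real filesystem is untouched.
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/lib/logol/results" \
             "$root/var/lib/logol/conf" \
             "$root/var/tmp"
    chmod 0777 "$root/var/lib/logol/results"  # mode shown in the report
    chmod 0755 "$root/var/lib/logol/conf"     # not world-writable
    chmod 1777 "$root/var/tmp"                # world-writable, sticky set
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
audit "$sample" || echo "audit failed, as expected for the sample tree"
rm -rf "$sample"
```

Pointing `audit` at an unpacked package root or a chroot after installation gives the same kind of signal the report describes; only the 0777 directory is flagged, while the sticky 1777 directory passes.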

