[Bug 846922] [NEW] quassel-core creates world-readable directories
Launchpad Bug Tracker
846922 at bugs.launchpad.net
Mon Oct 24 14:51:39 UTC 2011
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Iain Lane (laney):
quassel-core creates /var/lib/quassel (/var/cache/quassel in older versions) and /var/log/quassel as world-readable directories.
The auto-generated SSL certificate+key file /var/lib/quasselCert.pem is also world-readable. This is especially dangerous when the administrator replaces it with a real certificate and doesn't change the permissions.
** Affects: lucid-backports
Importance: Undecided
Status: In Progress
** Affects: maverick-backports
Importance: Undecided
Status: In Progress
** Affects: quassel (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: quassel (Ubuntu Lucid)
Importance: Undecided
Assignee: Tyler Hicks (tyhicks)
Status: Fix Released
** Affects: quassel (Ubuntu Maverick)
Importance: Undecided
Assignee: Tyler Hicks (tyhicks)
Status: Fix Released
** Affects: quassel (Ubuntu Natty)
Importance: Undecided
Assignee: Tyler Hicks (tyhicks)
Status: Fix Released
** Affects: quassel (Ubuntu Oneiric)
Importance: Undecided
Status: Fix Released
--
quassel-core creates world-readable directories
https://bugs.launchpad.net/bugs/846922
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.
More information about the ubuntu-archive
mailing list