gems

Andreas Beckmann Tue, 06 Dec 2016 15:08:14 -0800

Package: diaspora-installer
Version: 0.6.0.0+debian4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts


Hi,

during a test with piuparts I noticed your package installs
world-writable files.

>From the attached log (scroll to the bottom...):

  ERROR: BAD PERMISSIONS
  -rw-rw-rw- 1 diaspora nogroup  1935 Dec  5 17:24 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/configurate-0.3.1/lib/configurate/lookup_chain.rb
  -rw-rw-rw- 1 diaspora nogroup    73 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/Gemfile
  -rw-rw-rw- 1 diaspora nogroup   481 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/README.md
  -rw-rw-rw- 1 diaspora nogroup    28 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/Rakefile
  -rw-rw-rw- 1 diaspora nogroup    73 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/app/assets/javascripts/markdown-it-diaspora-mention.js
  -rw-rw-rw- 1 diaspora nogroup 22469 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/app/assets/javascripts/markdown-it-diaspora-mention/markdown-it-diaspora-mention.js
  -rw-rw-rw- 1 diaspora nogroup   801 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/lib/rails-assets-markdown-it-diaspora-mention.rb
  -rw-rw-rw- 1 diaspora nogroup    68 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/lib/rails-assets-markdown-it-diaspora-mention/version.rb
  -rw-rw-rw- 1 diaspora nogroup   848 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/rails-assets-markdown-it-diaspora-mention.gemspec
  -rw-rw-rw- 1 diaspora nogroup   754 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-diaspora-mention-1.0.0/rails-assets-markdown-it-diaspora-mention.json
  -rw-rw-rw- 1 diaspora nogroup    73 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/Gemfile
  -rw-rw-rw- 1 diaspora nogroup   460 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/README.md
  -rw-rw-rw- 1 diaspora nogroup    28 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/Rakefile
  -rw-rw-rw- 1 diaspora nogroup    59 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/app/assets/javascripts/markdown-it-sanitizer.js
  -rw-rw-rw- 1 diaspora nogroup  8864 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/app/assets/javascripts/markdown-it-sanitizer/markdown-it-sanitizer.js
  -rw-rw-rw- 1 diaspora nogroup   775 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/lib/rails-assets-markdown-it-sanitizer.rb
  -rw-rw-rw- 1 diaspora nogroup    62 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/lib/rails-assets-markdown-it-sanitizer/version.rb
  -rw-rw-rw- 1 diaspora nogroup   775 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/rails-assets-markdown-it-sanitizer.gemspec
  -rw-rw-rw- 1 diaspora nogroup   708 Dec  5 17:25 
/usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems/rails-assets-markdown-it-sanitizer-0.4.2/rails-assets-markdown-it-sanitizer.json


cheers,

Andreas

diaspora-installer_0.6.0.0+debian4.log.gz
Description: application/gzip

Bug#847286: diaspora-installer: installs world-writable files under /usr/share/diaspora/vendor/bundle/ruby/2.3.0/gems

Reply via email to