Package: redmine
Version: 3.3.1-4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + redmine-sqlite redmine-mysql redmine-pgsql

Hi,

during a test with piuparts I noticed your package behaves strangely while upgrading from 'stretch' to 'buster'. There is currently no redmine in buster, so the stretch version (which matches sid) is kept installed.

But after the upgrade an insecure temporary directory appears:

  /tmp/bundler/home

which is
  a) a predictable path name
  b) world writable

This directory does not show up after just an installation in stretch.

redmine(-*) are the only packages showing such behavior.

From the attached log (scroll to the bottom...):

  ERROR: BAD PERMISSIONS
  drwxrwxrwx 3 www-data www-data 60 Nov 13 17:05 /tmp/bundler/home

cheers,

Andreas
redmine_None.log.gz
Description: application/gzip
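
One way to check a directory tree for the condition reported above (world-writable directories without the sticky bit), shown next to a directory created with mkdtemp for contrast. This is an added example, not part of the original report and not piuparts' own code; the function names and the sandbox layout are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile


def insecure_dirs(root):
    """Return (path, mode string) for each directory under root that is
    world-writable but lacks the sticky bit, so any local user can
    create, rename or delete entries in it."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the entry itself, not a symlink target
            if not stat.S_ISDIR(st.st_mode):
                continue
            world_writable = bool(st.st_mode & stat.S_IWOTH)
            sticky = bool(st.st_mode & stat.S_ISVTX)
            if world_writable and not sticky:
                findings.append((path, stat.filemode(st.st_mode)))
    return sorted(findings)


def demo():
    # Constructed sandbox standing in for /tmp; nothing outside it is touched.
    sandbox = tempfile.mkdtemp(prefix="tmpaudit-")
    try:
        # Reproduce the reported layout: fixed name, mode 0777.
        bad = os.path.join(sandbox, "bundler", "home")
        os.makedirs(bad)
        os.chmod(os.path.dirname(bad), 0o755)  # pin the parent, independent of umask
        os.chmod(bad, 0o777)
        # Contrast: mkdtemp picks an unpredictable name and creates it 0700.
        good = tempfile.mkdtemp(prefix="bundler-", dir=sandbox)
        good_mode = stat.filemode(os.lstat(good).st_mode)
        return bad, insecure_dirs(sandbox), good_mode
    finally:
        shutil.rmtree(sandbox)


if __name__ == "__main__":
    bad, findings, good_mode = demo()
    for path, mode in findings:
        print("BAD PERMISSIONS", mode, path)
    print("mkdtemp directory mode:", good_mode)
```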