[Bug 846922] [NEW] quassel-core creates world-readable directories

Felix Geyer Sun, 11 Sep 2011 03:45:47 -0700

*** This bug is a security vulnerability ***

Public security bug reported:


quassel-core creates /var/lib/quassel (/var/cache/quassel in older versions) 
and /var/log/quassel as world-readable directories.
The auto-generated SSL certificate+key file /var/lib/quasselCert.pem is also 
world-readable. This is especially dangerous when the administrator replaces it 
with a real certificate and doesn't change the permissions.

** Affects: quassel (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/846922

Title:
  quassel-core creates world-readable directories

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/846922/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 846922] [NEW] quassel-core creates world-readable directories

Reply via email to