[Bug 237070] graphics/qgis: installs world-writable files
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Apr 7 13:37:11 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237070
Bug ID: 237070
Summary: graphics/qgis: installs world-writable files
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: d8zNeCFG at aon.at
CC: rhurlin at gwdg.de
Flags: maintainer-feedback?(rhurlin at gwdg.de)
CC: rhurlin at gwdg.de
Scenario:
- Updating qgis using portmaster
Result:
- Excerpt from the install log:
Installing qgis-3.6.0_5...
===> SECURITY REPORT:
This port has installed the following world-writable files/directories.
/usr/local/share/qgis/resources/data/contributors.json
/usr/local/share/qgis/resources/data/qgis-hackfests.qml
/usr/local/share/qgis/resources/data/world_map.shp
/usr/local/share/qgis/resources/data/qgis-hackfests.json
/usr/local/share/qgis/resources/data/world_map.shx
/usr/local/share/qgis/resources/data/world_map.qix
/usr/local/share/qgis/resources/data/world_map.prj
/usr/local/share/qgis/resources/data/world_map.qml
/usr/local/share/qgis/resources/data/contributors.qml
/usr/local/share/qgis/resources/data/world_map.dbf
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
https://qgis.org/en/site/
Expected result:
- No world-writable files are installed
-- Martin
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list