[Debian-astro-maintainers] Bug#930056: synphot-data: creates world writable files: /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_*_syn.fits
Andreas Beckmann
anbe at debian.org
Thu Jun 6 08:55:52 BST 2019
Package: synphot-data
Version: 0.9.12
Severity: serious
User: debian-qa at lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package ships or creates
world writable files.
>From the attached log (scroll to the bottom...):
ERROR: BAD PERMISSIONS
-rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f115lp_006_syn.fits
-rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f122m_006_syn.fits
-rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f125lp_007_syn.fits
-rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f140lp_007_syn.fits
-rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f150lp_006_syn.fits
-rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f165lp_006_syn.fits
-rwxrwxrwx 1 4270 822 66240 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_sbc_mama_010_syn.fits
Given that this is a downloader package which has not changed since
last year, but the downloaded data seems to be different nowadays,
the package obviously does not check whether the downloaded files
match its expectations (e.g. by comparing hashes), which is yet
another RC bug.
cheers,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: synphot-data_0.9.12+dfsg-2.log.gz
Type: application/gzip
Size: 11091 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-astro-maintainers/attachments/20190606/123bacca/attachment.gz>
More information about the Debian-astro-maintainers
mailing list