[DRE-maint] Bug#915860: gitlab: creates world writable file: /var/lib/gitlab/.cache/yarn/v4/npm-babel-core-6.26.3-b2e2f09e342d0f0c88e2f02e067794125e75c207/node_modules/babel-core/.yarn-metadata.json
Andreas Beckmann
anbe at debian.org
Fri Dec 7 11:48:37 GMT 2018
Package: gitlab
Version: 11.3.11+dfsg-1
Severity: serious
User: debian-qa at lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package creates a world
writable file which may be a security issue.
>From the attached log (scroll to the bottom...):
ERROR: BAD PERMISSIONS
-rw-rw-rw- 1 gitlab gitlab 9756 Dec 4 15:43 /var/lib/gitlab/.cache/yarn/v4/npm-babel-core-6.26.3-b2e2f09e342d0f0c88e2f02e067794125e75c207/node_modules/babel-core/.yarn-metadata.json
cheers,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gitlab_11.3.11+dfsg-1.log.gz
Type: application/gzip
Size: 238177 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20181207/b6864abe/attachment-0001.gz>
More information about the Pkg-ruby-extras-maintainers
mailing list