Package: packagekit Version: 0.7.6-3 Severity: normal Dear Maintainer,
I noticed that /var/lib/PackageKit/transactions.db is readable by anyone: -rw-r--r-- 1 root root 9216 2014-01-08 08:19 /var/lib/PackageKit/transactions.db This is in contrast to normal logfiles, like -rw-r----- 1 root adm 172652 2014-02-03 17:55 auth.log which are only readable by group adm (and root, of course). The contents of transactions.db might contain somewhat sensible information (basically logging), thus I would suggest to change the permissions to the same as for logfiles. -- System Information: Debian Release: 7.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages packagekit depends on: ii libc6 2.13-38 ii libglib2.0-0 2.33.12+really2.32.4-5 ii libglib2.0-bin 2.33.12+really2.32.4-5 ii libpackagekit-glib2-14 0.7.6-3 ii libpolkit-gobject-1-0 0.105-3 ii libsqlite3-0 3.7.13-1+deb7u1 ii packagekit-backend-aptcc 0.7.6-3 Versions of packages packagekit recommends: ii packagekit-tools 0.7.6-3 Versions of packages packagekit suggests: pn packagekit-backend-smart <none> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
