Package: apt-watch Version: 0.3.2-8 Severity: normal Tags: security --- Please enter the report below this line. --- While having a look into /var/cache/apt, I noted that some files are owned by root.root and others by giovanni.giovanni (my username). I believe that apt-watch moves the .debs from its cache to the system cache, but doesn't set right permissions. Couldn't this be a security hole?
-rw-r--r-- 1 giovanni giovanni 662K 2007-04-14 14:47 yelp_2.18.1-1_i386.deb -rw-r--r-- 1 root root 44K 2007-04-22 11:47 ytalk_3.3.0-3_i386.deb --- System information. --- Architecture: i386 Kernel: Linux 2.6.20-1-686 Debian Release: lenny/sid 500 unstable www.debian-multimedia.org 500 unstable ftp.it.debian.org 500 testing security.debian.org 500 testing ftp.it.debian.org 500 stable ftp.it.debian.org --- Package information. --- Depends (Version) | Installed ================================-+-=========== apt-watch-gnome | 0.3.2-8 apt-watch-backend | 0.3.2-8 -- Giovanni Mascellani <[EMAIL PROTECTED]> http://giomasce.altervista.org GPG Key: | Fingerprint: 1EB6 3D43 E201 4DDF 67BD 0x5F1FBF70 | 003F FCB0 BB5C 5F1F BF70
signature.asc
Description: PGP signature
