[Bug 193957] Review Request: nant

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: nant


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193957


ville.skytta@xxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|NOTABUG                     |NEXTRELEASE




------- Additional Comments From ville.skytta@xxxxxx  2006-07-19 11:41 EST -------
(In reply to comment #16)
> A small problem with nant-0.85-5.src.rpm rebuilt on fc5: /usr/bin/nant tries
> to call /var/tmp/nant-0.85-5fc5-root-user/usr/lib/NAnt/bin/NAnt.exe.

That's not a small problem, it's an arbitrary command execution vulnerability. 
Please install fedora-rpmdevtools and add check-buildroot and friends to your
~/.rpmmacros (eg. using fedora-buildrpmtree), it catches errors like this:

[...]
+ /usr/lib/rpm/check-buildroot
/var/tmp/nant-0.85-5-buildroot-scop/usr/bin/nant:exec
/usr/lib64/pkgconfig/../../bin/mono
/var/tmp/nant-0.85-5-buildroot-scop/usr/lib64/NAnt/bin/NAnt.exe "$@"
Found '/var/tmp/nant-0.85-5-buildroot-scop' in installed files; aborting
error: Bad exit status from /var/tmp/rpm-tmp.42428 (%install)

The same problem is in the package released in devel.  Filed as bug 199432.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]