https://bugzilla.redhat.com/show_bug.cgi?id=976770 --- Comment #4 from Christopher Meng <cickumqt@xxxxxxxxx> --- missing-call-to-setgroups has been renamed to missing-call-to-setgroups-before-setuid. This will be available in the next version. And the explanation is: This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. Ref POS36-C: https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges Spec URL: http://cicku.me/sstp-client.spec SRPM URL: http://cicku.me/sstp-client-1.0.9-2.fc20.src.rpm -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qlfPeFZhjL&a=cc_unsubscribe _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review