Your message dated Wed, 12 Jan 2022 12:13:32 +0100 with message-id <2678434.HhyVr56btz@bagend> and subject line Re: busybox: unzip creates world-writable directories has caused the Debian Bug report #882177, regarding busybox: unzip creates world-writable directories to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 882177: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882177 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: busybox: unzip creates world-writable directories
- From: Jakub Wilk <jwilk@jwilk.net>
- Date: Sun, 19 Nov 2017 23:08:09 +0100
- Message-id: <20171119220809.jnqvarsnxelswsbv@jwilk.net>
Package: busybox Version: 1:1.27.2-1 Tags: securityWhen busybox's unzip creates a directory that is not shipped directly in the zip file, it makes the directory world-writable:$ zipinfo moo.zip Archive: moo.zip Zip file size: 112 bytes, number of entries: 1 -rw-r--r-- 3.0 unx 0 b- stor 17-Nov-19 22:51 moo/moo 1 file, 0 bytes uncompressed, 0 bytes compressed: 0.0% $ busybox unzip moo.zip Archive: moo.zip inflating: moo/moo $ ls -ld moo drwxrwxrwx 2 jwilk users 4096 Nov 19 22:03 moo -- System Information: Architecture: i386 Versions of packages busybox depends on: ii libc6 2.25-1 -- Jakub Wilk
--- End Message ---
--- Begin Message ---
- To: 882177-done@bugs.debian.org
- Subject: Re: busybox: unzip creates world-writable directories
- From: Diederik de Haas <didi.debian@cknow.org>
- Date: Wed, 12 Jan 2022 12:13:32 +0100
- Message-id: <2678434.HhyVr56btz@bagend>
- In-reply-to: <20171119220809.jnqvarsnxelswsbv@jwilk.net>
Version: 1:1.30.1-1 This was fixed in upstream commit 5cdd120f0c6423a42fa2eec2311126142a9a49f0 and part of the upstream 1.29.0 release. The first version uploaded to Debian with that fix was 1:1.30.1-1, so close it with that version.Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---