Red Hat Bugzilla – Full Text Bug Listing
| Field | Value |
|---|---|
| Summary | CVE-2007-5751 liferea weak permissions for the feedlist.opml backup file |
| Product | [Fedora] Fedora |
| Component | liferea |
| Status | CLOSED CURRENTRELEASE |
| Fixed In Version | 1.2.23-5 |
| Doc Type | Bug Fix |
| Last Closed | 2007-11-06 11:28:42 EST |
| Reporter | Tomas Hoger <thoger> |
| Assignee | Brian Pepple <bdpepple> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
Description Tomas Hoger 2007-10-31 13:29:25 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5751 to the following vulnerability:

Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.

References:
http://sourceforge.net/project/shownotes.php?release_id=550468
http://secunia.com/advisories/27438

Issue is reported to be fixed in version 1.4.6. Current version in Fedora is from 1.2.x branch, however affected code also seems to exist there.

This seems to be a relevant upstream SVN commit:
http://liferea.svn.sourceforge.net/viewvc/liferea?view=rev&revision=3512
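An added example, not part of the original report and not Liferea's code or the upstream fix: a C sketch of writing a credential-bearing backup so it is owner-only (0600) regardless of umask or of a 0644 copy left by an earlier run, plus a check for the exposed state. The function names, the file name in `main` and the sample OPML are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if group or others hold any permission bit on path, 0 if owner-only,
 * -1 if the file cannot be inspected. (Hypothetical helper.) */
int exposed_to_other_users(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? 1 : 0;
}

/* Write data to path so the file is 0600 before any byte lands in it. */
int write_private_backup(const char *path, const char *data, size_t len) {
    /* The mode argument only applies when open() creates the file. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    /* A backup left behind as 0644 keeps that mode on open(): tighten it,
     * then discard the old contents, and only then write. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    while (len > 0) {
        ssize_t n = write(fd, data, len);
        if (n < 0) { close(fd); return -1; }
        data += n;
        len -= (size_t)n;
    }
    return close(fd);
}

int main(void) {
    const char *path = "feedlist.opml.example-backup"; /* constructed name */
    const char opml[] = "<opml><!-- constructed sample --></opml>\n";
    if (write_private_backup(path, opml, sizeof opml - 1) != 0) {
        perror(path);
        return 1;
    }
    printf("%s exposed to other users: %d\n", path, exposed_to_other_users(path));
    return 0;
}
```

Tightening the mode on the open descriptor matters on upgrade: a backup that already exists with 0644 would otherwise stay world-readable even after the creation mode is corrected.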
Comment 1 Fedora Update System 2007-11-01 17:21:01 EDT
liferea-1.2.23-4.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 2 Lubomir Kundrak 2007-11-01 19:26:21 EDT
Reopening this for F8, so we don't forget an update once Werewolf is Gold.
Comment 3 Brian Pepple 2007-11-01 19:44:58 EDT
It's already been built & pushed to stable for F8 (which are being held until F8 is out the door). https://admin.fedoraproject.org/updates/F8/pending/liferea-1.2.23-5.fc8
Comment 4 Fedora Update System 2007-11-06 11:10:55 EST
liferea-1.2.23-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.