Bug 360641 - (CVE-2007-5751) CVE-2007-5751 liferea weak permissions for the feedlist.opml backup file
CVE-2007-5751 liferea weak permissions for the feedlist.opml backup file
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: liferea (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Brian Pepple
Fedora Extras Quality Assurance
source=cve,reported=20071031,public=2...
: Reopened, Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-31 13:29 EDT by Tomas Hoger
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: 1.2.23-5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-06 11:28:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2007-10-31 13:29:25 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5751 to the
following vulnerability:

Liferea before 1.4.6 uses weak permissions (0644) for the
feedlist.opml backup file, which allows local users to obtain
credentials.

References:
http://sourceforge.net/project/shownotes.php?release_id=550468
http://secunia.com/advisories/27438


Issue is reported to be fixed in version 1.4.6.  Current version in Fedora is
from 1.2.x branch, however affected code also seems to exist there.

This seems to be a relevant upstream SVN commit:

http://liferea.svn.sourceforge.net/viewvc/liferea?view=rev&revision=3512
Comment 1 Fedora Update System 2007-11-01 17:21:01 EDT
liferea-1.2.23-4.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 2 Lubomir Kundrak 2007-11-01 19:26:21 EDT
Reopening this for F8, so we don't forget an update once Werewolf is Gold.
Comment 3 Brian Pepple 2007-11-01 19:44:58 EDT
It's already been built & pushed to stable for F8 (which are being held until F8
is out the door).

https://admin.fedoraproject.org/updates/F8/pending/liferea-1.2.23-5.fc8
Comment 4 Fedora Update System 2007-11-06 11:10:55 EST
liferea-1.2.23-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.