Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5751 to the following vulnerability: Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. References: http://sourceforge.net/project/shownotes.php?release_id=550468 http://secunia.com/advisories/27438 Issue is reported to be fixed in version 1.4.6. Current version in Fedora is from 1.2.x branch, however affected code also seems to exist there. This seems to be a relevant upstream SVN commit: http://liferea.svn.sourceforge.net/viewvc/liferea?view=rev&revision=3512
liferea-1.2.23-4.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Reopening this for F8, so we don't forget an update once Werewolf is Gold.
It's already been built & pushed to stable for F8 (which are being held until F8 is out the door). https://admin.fedoraproject.org/updates/F8/pending/liferea-1.2.23-5.fc8
liferea-1.2.23-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.