On 11/1/07, Luis Rodrigo Gallardo Cruz <[EMAIL PROTECTED]> wrote: > On Thu, Nov 01, 2007 at 01:30:45PM +0100, Nico Golde wrote: > > CVE-2007-5751[0]: > > | Liferea before 1.4.6 uses weak permissions (0644) for the > > | feedlist.opml backup file, which allows local users to > > | obtain credentials. > > It appears that the problem is not present in 1.0.*, as those versions > do not create a backup for that file. At least, my local install has > propper permissions on the file: > > $ ls -l ~/.liferea/fedlist.opml > -rw------- 1 rodrigo users 5954 2007-06-03 21:31 > /home/rodrigo/.liferea/feedlist.opml > > Lars, could you please confirm this?
Yes, this is correct. Feed list backup was introduced with 1.2.x (but I'd have to check in SVN to tell the exact version). Regards, Lars -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
