Package: rss2email
Version: 1:3.8-1
Severity: normal

Each time it is used to update list of feeds, r2e rewrites
rss2email.cfg, and neglects to preserve its file permissions when doing
so.

So, any rss2email user whose home directory is world readable, but who
has locked down the permissions of their feed list to avoid exposing
that private information, will have that defeated by r2e.

I suppose the workaround is to lock down the permissions of ~/.local and
~/.config

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rss2email depends on:
ii  python-xdg          0.25-4
ii  python2.7           2.7.8-6
ii  python3-feedparser  5.1.3-2
ii  python3-html2text   3.200.3-2
pn  python3:any         <none>

rss2email recommends no packages.

Versions of packages rss2email suggests:
pn  esmtp  <none>

-- no debconf information

-- 
see shy jo


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to