Hi Lars,
* Lars Lindner <[EMAIL PROTECTED]> [2007-11-01 16:43]:
> On 11/1/07, Luis Rodrigo Gallardo Cruz <[EMAIL PROTECTED]> wrote:
> > On Thu, Nov 01, 2007 at 01:30:45PM +0100, Nico Golde wrote:
> > > CVE-2007-5751[0]:
> > > | Liferea before 1.4.6 uses weak permissions (0644) for the
> > > | feedlist.opml backup file, which allows local users to
> > > | obtain credentials.
> >
> > It appears that the problem is not present in 1.0.*, as those versions
> > do not create a backup for that file. At least, my local install has
> > proper permissions on the file:
> >
> > $ ls -l ~/.liferea/fedlist.opml
> > -rw------- 1 rodrigo users 5954 2007-06-03 21:31 /home/rodrigo/.liferea/feedlist.opml
> >
> > Lars, could you please confirm this?
>
> Yes, this is correct. Feed list backup was introduced with 1.2.x (but
> I'd have to check in SVN to tell the exact version).

Thanks, that might be, I just looked at the code that was patched
(basically the umask call) and couldn't know if this version creates a
backup or not.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
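An added example, not part of the thread and not Liferea's code: it shows how a backup written with plain fopen() ends up 0644 under an assumed umask of 022, next to a writer that requests 0600 explicitly. The file name `feedlist.opml.backup`, the sample contents and all function names are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample: a feed URL with embedded credentials. */
static const char SAMPLE[] = "<outline xmlUrl=\"https://user:secret@feeds.example/rss\"/>\n";

/* Weak: fopen() asks for 0666, so the umask alone decides who can read it. */
static int backup_weak(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(SAMPLE, f);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened: ask for 0600 at creation, and fchmod() in case the file existed. */
static int backup_private(const char *path) {
    ssize_t len = (ssize_t)(sizeof SAMPLE - 1);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    int ok = fchmod(fd, S_IRUSR | S_IWUSR) == 0 && write(fd, SAMPLE, (size_t)len) == len;
    return close(fd) == 0 && ok ? 0 : -1;
}

/* Write the backup in a fresh temp dir under umask 022; return its mode bits. */
static int backup_mode(int hardened) {
    char dir[] = "/tmp/opml-demo-XXXXXX", path[64];
    struct stat st;
    int mode = -1;
    mode_t old = umask(022);              /* assumed typical desktop umask */
    if (mkdtemp(dir)) {
        snprintf(path, sizeof path, "%s/feedlist.opml.backup", dir);
        if ((hardened ? backup_private(path) : backup_weak(path)) == 0 &&
            stat(path, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        unlink(path);
        rmdir(dir);
    }
    umask(old);
    return mode;
}

int main(void) {
    return printf("weak %04o, hardened %04o\n", (unsigned)backup_mode(0), (unsigned)backup_mode(1)) < 0;
}
```
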

