Summary: | net-news/liferea Insecure backup file permission (CVE-2007-5751) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | dang |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/27438 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
Daniel, please advise.

I've checked this, and the backup file only has bad perms in the 1.4.x series (which is not stable anywhere), and is in a subdirectory with 700 perms. So it's probably not an issue. I'll bump 1.4.5b to 1.4.6 anyway, which should take care of this problem.

No, I take it back. The 1.2 series also has 0644 perms (again in a 0700 directory). I'll find and backport the fix, as 1.4.x is nowhere near ready to go stable.

Okay, 1.4.6 is in the tree (and 1.4.5b removed). In addition, I backported the patch fixing the perms to 1.2.23-r1. I don't recommend that 1.4.x go stable at this point, so if early stabilization is necessary, 1.2.23-r1 is the correct version. I did check, and the patch the fix the perms on the backup file on the next run.

Thanks. Arches, please test and mark stable net-news/liferea-1.2.23-r1. Target keywords : "amd64 ppc ppc64 sparc x86"

FFS:

```
DEPEND.bad 1
 net-news/liferea/liferea-1.2.23.ebuild: ppc64(default-linux/ppc/ppc64/2006.1/64bit-userland) ['net-misc/networkmanager']
```

x86 stable

sparc stable

masked networkmanager use flag and marked stable on ppc64

ppc stable

amd64 stable

Vote now open.

voting NO wrt comment #2

```
robert@joel ~ $ cat /home/rbu/.liferea_1.2/feedlist.opml.backup
cat: /home/rbu/.liferea_1.2/feedlist.opml.backup: Permission denied
```

Voting NO and closing.
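An added example, not part of the bug thread and not Liferea's code: a C sketch of the behaviour the comments describe, where a backup left at 0644 by an older release is tightened to owner-only the next time it is written. The function names, the `/tmp` scratch directory and the sample OPML content are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: write a backup readable only by its owner.
 * Returns the resulting permission bits, or -1 on error. */
int write_private_backup(const char *path, const char *data)
{
    struct stat st;
    size_t len = strlen(data);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    /* The mode passed to open() applies only to newly created files.
     * An existing 0644 backup keeps its mode unless tightened here. */
    if (fchmod(fd, 0600) != 0 || write(fd, data, len) != (ssize_t)len ||
        fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }
    return close(fd) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed scenario: a 0700 directory holding a 0644 backup, as in the
 * thread. Returns the file mode after the next write. */
int demo_repair_existing(void)
{
    char dir[] = "/tmp/backup_demo_XXXXXX";
    char path[256];
    int fd, mode;
    if (mkdtemp(dir) == NULL)            /* mkdtemp creates the dir 0700 */
        return -1;
    snprintf(path, sizeof path, "%s/feedlist.opml.backup", dir);
    fd = open(path, O_WRONLY | O_CREAT, 0644);
    if (fd < 0 || fchmod(fd, 0644) != 0) /* force 0644 whatever the umask */
        return -1;
    close(fd);
    mode = write_private_backup(path, "<opml version=\"1.0\"/>\n");
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("mode after rewrite: %o\n", demo_repair_existing());
    return 0;
}
```

The 0700 parent directory is what produces the `Permission denied` shown in the thread; setting 0600 on the file itself keeps the backup private even if the directory mode is later loosened or the file is copied elsewhere.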