07-19-2008, 10:27 PM
Rodrigo Gallardo

Downgrading Bug#474736 to important

Eric Cooper <ecc@cmu.edu>
> When I click on this feed: http://www.borowitzreport.com/, the first
> item is (currently) the following. Liferea pops up a browser window
> for the embedded URL in the <iframe> whenever I try to display
> headlines -- I'm not even trying to read the body of the item.
>
> The fact that the link points to a site in Changzhou, China, and the
> strange nesting of the end tag -- <</iframe>/iframe> -- makes me think
> this feed was hijacked, so liferea's behavior is a security hole.

As I stated in the original bug report, I don't quite agree with the
security hole characterization of this bug, as it is essentially
impossible for liferea to detect a hijacked feed.

This bug is currently the only reason for liferea not to be in lenny.
Since upstream has stated that the 1.4 series will *not* be updated to
deal with this issue, and I lack the time for now to attempt a backport,
this means a fix for this will not be ready before the freeze.

Would I be justified in downgrading this to important?


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

All times are GMT.
