
Downgrading Bug#474736 to important



Eric Cooper <ecc@cmu.edu>
> When I click on this feed: http://www.borowitzreport.com/, the first
> item is (currently) the following.  Liferea pops up a browser window
> for the embedded URL in the <iframe> whenever I try to display
> headlines -- I'm not even trying to read the body of the item.
>
> The fact that the link points to a site in Changzhou, China, and the
> strange nesting of the end tag -- <</iframe>/iframe> -- makes me think
> this feed was hijacked, so liferea's behavior is a security hole.

As I stated in the original bug report, I don't quite agree with the
security hole characterization of this bug, as it is essentially
impossible for liferea to detect a hijacked feed.

This bug is currently the only reason for liferea not to be in lenny.
Since upstream has stated that the 1.4 series will *not* be updated to
deal with this issue, and I lack the time for now to attempt a backport,
this means a fix for this will not be ready before the freeze.

Would I be justified in downgrading this to important?

