[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Downgrading Bug#474736 to important

Eric Cooper <ecc@cmu.edu>
> When I click on this feed: http://www.borowitzreport.com/, the first
> item is (currently) the following.  Liferea pops up a browser window
> for the embedded URL in the <iframe> whenever I try to display
> headlines -- I'm not even trying to read the body of the item.
> The fact that the link points to a site in Changzhou, China, and the
> strange nesting of the end tag -- <</iframe>/iframe> -- makes me think
> this feed was hijacked, so liferea's behavior is a security hole.

As I stated in the original bug report, I don't quite agree with the
security hole characterization of this bug, as it is essentially
imposible for liferea to detect a hijacked feed.

This bug is currently the only reason for liferea not to be in lenny.
Since upstream has stated that the 1.4 series will *not* be updated to
deal with this issue, and I lack the time for now to attempt a backport,
this means a fix for this will not be ready before the freeze.

Would I be justified in downgrading this to important?

Reply to: