Downgrading Bug#474736 to important
Eric Cooper <firstname.lastname@example.org>
> When I click on this feed: http://www.borowitzreport.com/, the first
> item is (currently) the following. Liferea pops up a browser window
> for the embedded URL in the <iframe> whenever I try to display
> headlines -- I'm not even trying to read the body of the item.
> The fact that the link points to a site in Changzhou, China, and the
> strange nesting of the end tag -- <</iframe>/iframe> -- makes me think
> this feed was hijacked, so liferea's behavior is a security hole.
As I stated in the original bug report, I don't quite agree with the
security hole characterization of this bug, as it is essentially
imposible for liferea to detect a hijacked feed.
This bug is currently the only reason for liferea not to be in lenny.
Since upstream has stated that the 1.4 series will *not* be updated to
deal with this issue, and I lack the time for now to attempt a backport,
this means a fix for this will not be ready before the freeze.
Would I be justified in downgrading this to important?