CVE-2007-5751

NameCVE-2007-5751
DescriptionLiferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDTSA-107-1
Debian Bugs448850

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
liferea (PTS)jessie1.10.12-1fixed
stretch1.12~rc3-1fixed
buster1.12.6-1+deb10u1fixed
bullseye1.13.5-3fixed
bookworm1.14.4-3fixed
sid, trixie1.15.8-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lifereasourcesarge(not affected)
lifereasourceetch(not affected)
lifereasourcelenny1.0.27-2+lenny1DTSA-107-1
lifereasource(unstable)1.4.6-1low448850

Notes

[etch] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
[sarge] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
this file can contain credentials for rss feeds
Search for package or bug name: Reporting problems