[Pkg-xfce-devel] Bug#517020: Bug#517020: Bug#517020: Bug#517020: Bug#517020: thunar: potential exploits via application launchers
Yves-Alexis Perez
corsac at debian.org
Sun Mar 1 22:35:31 UTC 2009
On Sun, 2009-03-01 at 12:44 -0500, Michael S. Gilbert wrote:
> On Sun, 01 Mar 2009 10:16:27 +0100 wrote:
>
> > > (although if that's the case, i think that there is a problem
> > > with debian's documentation [1] since it appears to indicate that any
> > > and all security holes are to be reported as grave).
> >
> > It says “Most security bugs should also be set at critical or grave
> > severity.”. I guess you missed the “most”?
>
> yes indeed, i have overlooked that statement. however, that is to be
> found in the "Tags" and not the "Severity levels" section, so i had
> no reason to look there.
package: thunar
severity: grave
tags: security
You just discovered that “security” is a tag and not a severity?
> anyway, "most" means most, and the "non-most"
> category would primarily include no-data-compromise issues such as
> denial-of-services, i believe.
Yes, most means most. Thanks!
> it is in fact trivial to exploit:
I already noticed we disagreed on that.
> attackers have patience and understand the law of large numbers.
Nice quote indeed.
--
Yves-Alexis