[Reportbug-maint] Bug#762232: reportbug: has no good category for web apps exploitability

Toni Mueller support at oeko.net
Fri Sep 19 19:36:58 UTC 2014


Package: reportbug
Version: 6.4.4+deb7u1
Severity: wishlist

Dear Maintainer,

as the number of packaged web applications increases, reportbug should
imho have a category that is designated to be appropriate for cases
where the problem does not allow compromising a local user or gaining
root, but where the application would make the host prone to carrying
out attacks on third party hosts, on behalf of the attacker. As an
example, installing malware to cause drive-by downloads may be
mentioned - usually, the host itself might not be otherwise affected by
the additional files it would serve.

Please consider assigning an appropriate category to this kind of
problem and offer the user to set the security tag on the affected
report.


Kind regards,
--Toni++



-- Package-specific info:
** Environment settings:
EDITOR="vi"
DEBEMAIL="toni at debian.org"
INTERFACE="text"

** /home/toni/.reportbugrc:
reportbug_version "1.99.50"
mode standard
ui text
realname "Toni Mueller"
email "support at oeko.net"

-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.14-0.bpo.1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages reportbug depends on:
ii  apt               0.9.7.9+deb7u4
ii  python            2.7.3-4+deb7u1
ii  python-reportbug  6.4.4+deb7u1

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail                      <none>
ii  debconf-utils                   1.5.49
ii  debsums                         2.0.52
ii  dlocate                         1.02
ii  emacs23-bin-common              23.4+1-4
ii  file                            5.11-2+deb7u5
ii  gnupg                           1.4.12-7+deb7u6
ii  postfix [mail-transport-agent]  2.9.6-2
ii  python-gtk2                     2.24.0-3+b1
pn  python-gtkspell                 <none>
ii  python-urwid                    1.0.1-2
ii  python-vte                      1:0.28.2-5
ii  xdg-utils                       1.1.0~rc1+git20111210-6

Versions of packages python-reportbug depends on:
ii  apt               0.9.7.9+deb7u4
ii  python            2.7.3-4+deb7u1
ii  python-debian     0.1.21
ii  python-debianbts  1.11
ii  python-support    1.0.15

python-reportbug suggests no packages.

-- no debconf information


