[Reportbug-maint] Bug#762232: reportbug: has no good category for web apps exploitability
Toni Mueller
support at oeko.net
Fri Sep 19 19:36:58 UTC 2014
Package: reportbug
Version: 6.4.4+deb7u1
Severity: wishlist
Dear Maintainer,
as the number of packaged web papplications increases, reportbug should
imho have a category that is designated to be appropriate for cases
where the problem does not allow compromising a local user or gaining
root, but where the application would make the host prone to carrying
out attacks on third party hosts, on behalf of the attacker. As an
example, installing malware to cause drive-by downloads may be
mentioned - usually, the host itself might not be otherwise affected by
the additional files it would serve.
Please consider assigning an appropriate category to this kind of
problem and offer the user to set the security tag on the affected
report.
Kind regards,
--Toni++
-- Package-specific info:
** Environment settings:
EDITOR="vi"
DEBEMAIL="toni at debian.org"
INTERFACE="text"
** /home/toni/.reportbugrc:
reportbug_version "1.99.50"
mode standard
ui text
realname "Toni Mueller"
email "support at oeko.net"
-- System Information:
Debian Release: 7.6
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.14-0.bpo.1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages reportbug depends on:
ii apt 0.9.7.9+deb7u4
ii python 2.7.3-4+deb7u1
ii python-reportbug 6.4.4+deb7u1
reportbug recommends no packages.
Versions of packages reportbug suggests:
pn claws-mail <none>
ii debconf-utils 1.5.49
ii debsums 2.0.52
ii dlocate 1.02
ii emacs23-bin-common 23.4+1-4
ii file 5.11-2+deb7u5
ii gnupg 1.4.12-7+deb7u6
ii postfix [mail-transport-agent] 2.9.6-2
ii python-gtk2 2.24.0-3+b1
pn python-gtkspell <none>
ii python-urwid 1.0.1-2
ii python-vte 1:0.28.2-5
ii xdg-utils 1.1.0~rc1+git20111210-6
Versions of packages python-reportbug depends on:
ii apt 0.9.7.9+deb7u4
ii python 2.7.3-4+deb7u1
ii python-debian 0.1.21
ii python-debianbts 1.11
ii python-support 1.0.15
python-reportbug suggests no packages.
-- no debconf information
More information about the Reportbug-maint
mailing list