[Reportbug-maint] Bug#762232: reportbug: has no good category for web apps exploitability

Sandro Tosi morph at debian.org
Fri Sep 19 20:18:40 UTC 2014


>> From what you describe, I think the right categorization for now is:
>> severity=critical, tags=security - what would be the advantage of
>> introducing a more fine grained categorization for those issues?
>
> To me, "critical" seemed to be reserved for root exploits. But the
> attacker does not gain root, and may not even be able to alter any data
> on the computer, while still using a computer with the vulnerable
> software to cause harm to unrelated third parties.

The critical description is "makes unrelated software on the system (or
the whole system) break, or causes serious data loss, or introduces a
security hole on systems where you install the package.", and for me
what you describe is within "introduces a security hole on systems".
Would that make sense for you?

Regards,
-- 
Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi


