[Secure-testing-team] Security update for fuse
Micah Anderson
micah at riseup.net
Mon Jun 20 01:45:14 UTC 2005
Moritz Muehlenhoff wrote on Sunday, 19 June 2005:
> Micah Anderson wrote:
> > I think that we'd have to be careful about DoS' because any
> > vulnerability that can cause a service interruption should be viewed
> > as minor only with qualifications.
>
> Yes, DoSing Apache is not a minor issue, but DoSing browsers, mail clients
> etc. is IMO.
Yeah, I agree.
> > What about three risk categories: low, medium, high.
>
> Personally I think there are too many different systems out there to
> define severities for real issues, as there are too many variables to define a
> generic severity. DSAs aren't doing such a classification for a good reason
> as well.
> Additionally you'd need to update the information once you find an exploit
> (leaving out the problematic fact that you'll never really know whether
> an exploit is available among black hats)
> But I don't care too much for that issue, three levels would be fine for me
> as well.
Ah, I thought we were talking about these categories for our own
purposes in terms of color coding things on
http://newraff.debian.org/... I hadn't considered if it would make
sense to add severities to DTSAs or not.
micah