Re: Reporting 1.2K crashes
Marc Haber <mh+debian-devel@zugschlus.de> writes:
> Will you also check Debian unstable? It is much easier to have a package
> in unstable fixed, and I suspect that not every crash you find will be a
> security relevant one.
I suspect most of them won't be, actually, or at least will be difficult
to exploit. A lot of command-line binaries that are only ever run by a
regular user aren't particularly well-hardened against things like corrupt
configuration files or weird command-line options, but usually those
problems aren't really exploitable except under very artificial
situations.
Still, it's a robustness bug and I'm very happy to see them reported and
fixed.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: