[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug severity and private data disclosure

I reported a bug involving private data disclosure, more precisely,
on some network, when printing a file with CUPS 1.6, the file is
printed on a wrong printer[*]. The bug severity was downgraded to
important (i.e. non-RC), despite the obvious security problem. The
given reason was that this kind of security problem is not mentioned


If Debian really minds about some forms of security bugs such as
private data disclosure, something should be done... Perhaps replace

  allowing access to the accounts of users who use the package


  allowing access to private data of users who use the package

(BTW, logging passwords in general log files would fall in the same
class of security bugs.)

[*] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711848

Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: