[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reporting 1.2K crashes

On Tue, 25 Jun 2013 11:46:04 -0700, Russ Allbery <rra@debian.org>
>Marc Haber <mh+debian-devel@zugschlus.de> writes:
>> Will you also check Debian unstable? It is much easier to have a package
>> in unstable fixed, and I suspect that not every crash you find will be a
>> security relevant one.
>I suspect most of them won't be, actually, or at least will be difficult
>to exploit.  A lot of command-line binaries that are only ever run by a
>regular user aren't particularly well-hardened against things like corrupt
>configuration files or weird command-line options, but usually those
>problems aren't really exploitable except under very artificial
>Still, it's a robustness bug and I'm very happy to see them reported and

I fully agree with you. Actually, this is the reason why I think that
such reports would make more sense against unstable since we are
unlikely to fix an unexploitable crash bug in stable, and upstreams
are unlikely to care about crashes in software they released a year

-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to: