Severity of bug #259993

To: debian-qa@lists.debian.org
Subject: Severity of bug #259993
From: Florian Zumbiehl <florz@gmx.de>
Date: Sun, 1 Aug 2004 05:07:52 +0200
Message-id: <[🔎] 20040801030752.GA648@florz.florz.dyndns.org>

Hi,

I recently (well, two weeks ago, that is) reported a number of security
problems in cups-pdf, originally filed under #259993. Please read the
BTS entry for details on the development up to the current situation:
The maintainer of cups-pdf, Martin-Éric Racine, has degraded all the
bugs to important, thus making them non-release-critical.

Even though I haven't tried to exploit them I'm quite sure that at
least two of them can be used to obtain root privileges quite easily.
That is why I think that it is not appropriate to change their severity
to anything not release critical without an explanation of why they
aren't a problem.

Well, what do you think about this?

Cya, Florian

Reply to:

Follow-Ups:
- Re: Severity of bug #259993
  - From: Frank Lichtenheld <djpig@debian.org>
- Re: Severity of bug #259993
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Bug#261991: marked as done (developer.php: hidden parts appear multiple times)
Next by Date: Re: Severity of bug #259993
Previous by thread: Bug#262502: marked as done (developer.php fails if dehsdb is not there)
Next by thread: Re: Severity of bug #259993
Index(es):
- Date
- Thread