Severity of bug #259993
Hi,
I recently (well, two weeks ago, that is) reported a number of security
problems in cups-pdf, originally filed under #259993. Please read the
BTS entry for details on the development up to the current situation:
The maintainer of cups-pdf, Martin-Éric Racine, has degraded all the
bugs to important, thus making them non-release-critical.
Even though I haven't tried to exploit them I'm quite sure that at
least two of them can be used to obtain root privileges quite easily.
That is why I think that it is not appropriate to change their severity
to anything not release critical without an explanation of why they
aren't a problem.
Well, what do you think about this?
Cya, Florian
Reply to: