Severity of application launcher issues

To: debian-security-tracker@lists.debian.org
Subject: Severity of application launcher issues
From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Fri, 13 Feb 2009 17:07:44 -0500
Message-id: <[🔎] 20090213170744.317797e5.michael.s.gilbert@gmail.com>

I submitted the recent application launcher issues into the tracker with
medium urgency, and the severity was subsequently reduced to low.  I
had followed the categorization guidelines [1], and medium seemed like
a better fit since malicious code execution is possible with user
interaction:

medium:
  For anything which permits code execution after user interaction.
  Local privilege escalation vulnerabilities are in this
  category as well, or remote privilege escalation if it's constrained
  to the application (i.e. no shell access to the underlying system,
  such as simple cross-site scripting). Most remote DoS
  vulnerabilities fall into this category, too.

Just curious about the logic so I can better categorize issues in the
future.

Best Regards,
Mike

[1]
http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0

Reply to:

Follow-Ups:
- Re: Severity of application launcher issues
  - From: Florian Weimer <fw@deneb.enyo.de>

Next by Date: The release and the tracker
Next by thread: Re: Severity of application launcher issues
Index(es):
- Date
- Thread