Severity of application launcher issues
I submitted the recent application launcher issues into the tracker with
medium urgency, and the severity was subsequently reduced to low. I
had followed the categorization guidelines [1], and medium seemed like
a better fit since malicious code execution is possible with user
interaction:
medium:
For anything which permits code execution after user interaction.
Local privilege escalation vulnerabilities are in this
category as well, or remote privilege escalation if it's constrained
to the application (i.e. no shell access to the underlying system,
such as simple cross-site scripting). Most remote DoS
vulnerabilities fall into this category, too.
Just curious about the logic so I can better categorize issues in the
future.
Best Regards,
Mike
[1] http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0