[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: What is a security bug?



Well, obviously it is not a _security_ bug, since it has nothing to do
with security. However, it is a bug, maybe even a critical one. 
As long as the bug does not compromise the security of the system
(enables unauthorised execution of code, access to memory of other
process of manipulating the content of the other tabs or something like
that) is has nothing to do with security and hence not with this list
(debian-security).   

well, that's obviously for me, but maybe someone else has a different
opion about this issue?

regards, Jasper

-----Original Message-----
From: Florian Weimer [mailto:fw@deneb.enyo.de] 
Sent: woensdag 23 november 2005 11:15
To: debian-security@lists.debian.org
Subject: What is a security bug?

It seems that I have difficulty understanding what constitutes a
security bug in a web browser.

Suppose that the web browser always crashes when confronted with certain
input, losing all of its state.  With tabbed browsing, multiple browser
opened by the same process etc., this means that potentially important
work is lost.

Is this a security bug?  Or is this more in the category of "don't do
that, then"?

I used to laugh at office regulations which recommend closing all
applications (including internal web applications) when browsing the
Internet, but if software vendors don't consider such crash bugs a
priority issue, they do make sense.


--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org



Reply to: