Re: What is a security bug?

To: debian-security@lists.debian.org
Subject: Re: What is a security bug?
From: Rolf Kutz <kutz@netcologne.de>
Date: Wed, 23 Nov 2005 12:46:04 +0100
Message-id: <[🔎] 20051123114604.GA3166@afrika.vzsze.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 5B97FFB7F28E3E4294B049C968CBF47BE46E1B@SERVER-EX02A.INTERN.BBNED.NL>
References: <[🔎] 5B97FFB7F28E3E4294B049C968CBF47BE46E1B@SERVER-EX02A.INTERN.BBNED.NL>

* Quoting Jasper Filon (jasper.filon@bbned.nl):

> Well, obviously it is not a _security_ bug, since it has nothing to do
> with security. However, it is a bug, maybe even a critical one. 
> As long as the bug does not compromise the security of the system
> (enables unauthorised execution of code, access to memory of other
> process of manipulating the content of the other tabs or something like
> that) is has nothing to do with security and hence not with this list
> (debian-security).   

Security is not just related to execution of
malicious code. It also has to do with data
integrity or usability of software. A vulerability
to a DoS-Attack is IMHO a security bug. If it
justifies a security update is another question,
but IIRC every security bug does.

- Rolf

Reply to:

References:
- RE: What is a security bug?
  - From: "Jasper Filon" <jasper.filon@bbned.nl>

Prev by Date: RE: What is a security bug?
Next by Date: Re: What is a security bug?
Previous by thread: RE: What is a security bug?
Next by thread: Re: What is a security bug?
Index(es):
- Date
- Thread