Re: What is a security bug?

To: debian-security@lists.debian.org
Subject: Re: What is a security bug?
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Wed, 23 Nov 2005 19:07:21 +0100
Message-id: <[🔎] E1Eez1d-0000Ku-00@calista.inka.de>
In-reply-to: <[🔎] 5B97FFB7F28E3E4294B049C968CBF47BE46E1B@SERVER-EX02A.INTERN.BBNED.NL>

In article <[🔎] 5B97FFB7F28E3E4294B049C968CBF47BE46E1B@SERVER-EX02A.INTERN.BBNED.NL> you wrote:
> Well, obviously it is not a _security_ bug, since it has nothing to do
> with security.
...
> well, that's obviously for me, but maybe someone else has a different
> opion about this issue?

Your definition and mine of security are not compatible :) 

(availability is a security discipline and a DOS is a security attack for
me). But I think we had this discussion before on this list...

However it doesnt matter, you are right: critical application crashes
(especially if triggerable by untrusted peers) are critical enough to be
fixed anyway. AND crashes often have the potential to be exploitable
(stacksmashing?).

Gruss
Bernd

Reply to:

Follow-Ups:
- Re: What is a security bug?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- RE: What is a security bug?
  - From: "Jasper Filon" <jasper.filon@bbned.nl>

Prev by Date: Re: What is a security bug?
Next by Date: Re: What is a security bug?
Previous by thread: Re: What is a security bug?
Next by thread: Re: What is a security bug?
Index(es):
- Date
- Thread