Re: [SECURITY] [DSA 2695-1] chromium-browser security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2695-1] chromium-browser security update
From: Nick Boyce <nick@glimmer.adsl24.co.uk>
Date: Sun, 2 Jun 2013 14:32:13 +0100
Message-id: <[🔎] 201306021432.14070.nick@glimmer.adsl24.co.uk>
In-reply-to: <20130529142354.GA4609@SD6-Casa.iuculano.it>
References: <20130529142354.GA4609@SD6-Casa.iuculano.it>

On Wednesday 29 May 2013 15:23:54 Michael Gilbert wrote:

> or possibly have unspecified other impact via unknown vectors.

I'm just wondering ... is that Google language for "or possibly allow remote 
code execution" ?

The phrase occurs for many of the vulnerabilities listed in the advisory, and 
most browser release notices cure some bugs that may allow remote code 
execution ... but not one of the vulnerabilities listed in this one refers to 
rce.  

I'm wondering whether the phrasing of the descriptions of the CVEs listed in 
this advisory is Google's choice .....

And I'm thinking "unspecified impact" isn't very helpful really.

Cheers,
Nick
-- 
Never FDISK after midnight

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2695-1] chromium-browser security update
  - From: Michael Gilbert <mgilbert@debian.org>

Next by Date: Re: [SECURITY] [DSA 2695-1] chromium-browser security update
Next by thread: Re: [SECURITY] [DSA 2695-1] chromium-browser security update
Index(es):
- Date
- Thread