[Pkg-xfce-devel] Bug#517020: thunar: potential exploits via application launchers
On Sun, 2009-03-01 at 12:44 -0500, Michael S. Gilbert wrote:
> On Sun, 01 Mar 2009 10:16:27 +0100 wrote:
>
> > > (although if that's the case, i think that there is a problem
> > > with debian's documentation [1] since it appears to indicate that any
> > > and all security holes are to be reported as grave).
> >
> > It says "Most security bugs should also be set at critical or grave
> > severity.". I guess you missed the "most"?
>
> yes indeed, i have overlooked that statement. however, that is to be
> found in the "Tags" and not the "Severity levels" section, so i had
> no reason to look there.
package: thunar
severity: grave
tags: security
You just discover that "security" is a tag and not a severity?
> anyway, "most" means most, and the "non-most"
> category would primarily include no-data-compromise issues such as
> denial-of-services, i believe.
Yes, most means most. Thanks!
> it is in fact trivial to exploit:
I already noticed we disagreed on that.
> attackers have patience and understand the law of large numbers.
Nice quote indeed.
--
Yves-Alexis