severity 498243 grave
thanks
On Sat, Oct 25, 2008 at 11:40:44PM -0400, David Moreno wrote:
> tags 498243 + upstream
> stop
>
> Issues 3A-3G haven't been addressed yet by Xine, not even in release
> 1.1.15, tagging upstream.
>
> As Reinhard Tartler suggests, the severity can be downgraded now; the
> remaining issues subjected "unexpected process termination and other
> issues" are not considered to be grave-wise anymore since they are not
> representing security holes exposing user data or data loss, but only
> random different problems prone to unexpected crashes or segmentation
> faults: 'important' severity.
The ocert advisory states that code injection is possible for some of
the issues in 3A-3G and Will knows what he's doing.
Given that his report also has precise information, where the specific
bugs are present, this should rather be patched than downgraded.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
