On Tue Jan 18, 2011 at 22:25:20 +1100, Silvio Cesare wrote: > This kind of testing is good for Debian security and provides some comfort > to me at least knowing this class of vulnerability has been tested for > against the privleged programs in the Debian repository.
Agreed. I started doing the same thing a few years ago, and it was very useful. However to make your reports more thorough it is important to look at the source of the code to see if the crash is an exploitable one or not. Ideally you'd include that information in any bug reports you submitted. Steve -- http://www.steve.org.uk/ -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110118114447.ga9...@steve.org.uk
