severity 582146 important
thanks

On Tue, May 18, 2010 at 07:06:31PM +0200, Thiemo Nagel wrote:
> Package: sun-java6-bin
> Version: 6.20-dlj-1
> Severity: grave
> File: /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/i386/libnpjp2.so
> Tags: security
> Justification: user security hole
> 
> Reporting of system fonts by browser plugins may lead to total loss of
> anonymity, especially when an uncommon combination of fonts has been
> installed, as demonstrated by the EFF: http://panopticlick.eff.org/
> See also: http://browserspy.dk/fonts-java.php
> 
> I've set severity "grave" because information leaks are considered security
> issues if I'm not mistaken, and also because it's not only a theoretical
> vulnerability, as demonstrations for exploits do exist.

While this is a privacy issue, it doesn't qualify as a RC security bug.

Cheers,
        Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to