Hi Ben, On Wed, Jun 26, 2013 at 9:40 PM, Ben Hutchings <b...@decadent.org.uk> wrote: > It's a bit late for that, as you sent mail to a public mailing list.
As I mentioned in the debian-devel thread, I realize only now that many emails (about 20% in our case), that are listed as package maintainers, are public mailing lists. That's unfortunate, but hopefully most reported bugs will not be security critical. > There does not seem to be any way to make the kernel invoke nfsidmap > with an invalid option as used in the test case, and I don't see any > reason for a user to invoke it directly with untrusted input. So I > don't think there is any security issue here. That's a good point, and it looks like a majority of the crashes have little security implications. The security tags will be removed before submitting the report, unless advised otherwise by the package maintainers. Thanks, Alex -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAF1AS2hHdOc+PT=OP4oDiiCcdGqBq25JTXua=g9-4sufelm...@mail.gmail.com
