I submitted the recent application launcher issues into the tracker with medium urgency, and the severity was subsequently reduced to low. I had followed the categorization guidelines [1], and medium seemed like a better fit since malicious code execution is possible with user interaction:
medium: For anything which permits code execution after user interaction. Local privilege escalation vulnerabilities are in this category as well, or remote privilege escalation if it's constrained to the application (i.e. no shell access to the underlying system, such as simple cross-site scripting). Most remote DoS vulnerabilities fall into this category, too. Just curious about the logic so I can better categorize issues in the future. Best Regards, Mike [1] http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0 -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
