Thijs Kinkhorst wrote: > Dear members of the security team(s), > > On Fri, 2007-01-12 at 11:08 -0300, Alex de Oliveira Silva wrote: > > Multiple vulnerabilities have been identified in phpMyAdmin, which may > > be exploited by attackers to execute arbitrary scripting code. These > > issues are due to unspecified input validation errors when processing > > certain parameters, which could be exploited by attackers to cause > > arbitrary scripting code to be executed by the user's browser in the > > security context of an affected Web site. > > Have you even read this text? > > In recent times, I've been receiving more bug reports against packages I > maintain that are worded like above: they are "unspecified" > vulnerabilities over "unspecified" vectors with "unknown" implications. > > Please, I appreciate it when bugs are filed, but what value do > contentless bugs like the one above add? How can they be "important" > when there's no information in them? > > How would you as a maintainer respond if I submitted a bug against his > package with the text "there's an unknown bug somewhere in your package > with unknown results"?
You could probably start writing 15k bugs... Regards, Joey -- Beware of bugs in the above code; I have only proved it correct, not tried it. -- Donald E. Knuth Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]