On Mon, May 12, 2008 at 05:31:32PM -0600, dann frazier wrote: > On Mon, May 12, 2008 at 11:52:27PM +0100, Dominic Hargreaves wrote:
> > Is there any reason this has been labelled as a DoS rather than an > > potential arbitrary code execution issue (which > > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1669 suggests it is) - eg > > are there mitigating circumstances in the Debian kernel? > At the time I prepared this upload, I was under the impression that > this was a potential arbitrary code execution issue (with no known > exploit). However, while preparing the DSA I didn't find convincing > evidence that this was more than a DoS. I could of course be wrong, > and if I am I'll be happy to update the advisory. Thanks for the response. It's possible I'm misreading the "Impact Type" jargon in the URL above. As another datapoint I note that http://www.securityfocus.com/bid/29076/discuss lists it as a DoS. Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
