Re: USBCreator D-Bus service

[Kurt Seifried <kseifried () redhat com>]

On 04/22/2015 07:49 PM, Solar Designer wrote:
> On Wed, Apr 22, 2015 at 05:50:35PM -0700, Tavis Ormandy wrote:
> > On Wednesday, April 22, 2015, Seth Arnold <seth.arnold () canonical com> wrote:
> > > We treat local root escalation vulnerabilities with a high priority[1].
> >
> > I wish you had spoken up during the previous discussion. It was my
> > impression that embargoes for local privilege escalations were universally
> > considered deprecated.
>
> I think Kurt's comment (in the linux-distros discussion) on not needing
> further vulnerability reports embargoed applied solely to ABRT.
>
> I can see how this can appear as extending to any local root issues, for
> users who have ABRT installed and enabled.
>
> Kurt might want to clarify this.
>
> Alexander

Clarification won't be possible for a bit, I'm actually meeting with
Tavis tomorrow to discuss this and other things (this was scheduled some
time ago, it seems I was right in assuming this would become a bigger
issue =).


-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature