Control: severity -1 grave On 2014-04-26 10:29:28 -0400, Thomas Dickey wrote: > In > > https://www.debian.org/Bugs/Developer#severities > > the closest description is "important". (This couldn't allow a breakin > to the users's account which would be the justification for "grave").
https is typically used to transmit login/passwords, and if certificates are not correctly checked, such information may be transmitted to a forged web site[*], so that malicious people could access to the corresponding accounts of the user. Similarly, bug 743883 was grave due to the possible leak of private data (private keys, passwords...). No-one complained about its severity. [*] I suspect that this is easier nowadays, e.g. by setting up a public wifi hotspot. > By the way, the same issue applies to elinks, links2 and w3m I haven't checked everything yet. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
