Hi Christoph,
I admittedly just noticed the severity which the bug reporter set when
seeing this mail:
Debian Bug Tracking System wrote:
> > severity 996778 grave
> Bug #996778 [xymon-client] xymon-client: disable logfetch's ability to
> execute arbitrary code
> Severity set to 'grave' from 'critical'
"critical" is indeed clearly wrong. I'd have rather said "important"
only as the claim of being a "root hole" is wrong. But ok.
I'm though not sure if this is acceptable for stable updates as it is
a rather invasive change IMHO.
Regards, Axel
--
,''`. | Axel Beckert <[email protected]>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
