On Wed, 18 May 2011, Adam Williamson wrote: > # There must be no known remote code execution vulnerability which could > be exploited during installation or during use of a live image shipped > with the release A vulnerability does not need to involve code execution to be serious enough. Consider a remotely exploitable vulnerability making it possible to read any files. Or to send email (read: spam). Or to delete or corrupt data. (On the other hand, arbitrary code execution may be a mere nuisance as long as it is confined properly.) -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21st century edition / -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
