Re: Lack of update information

Kevin Kofler wrote:
> diff -Nur foo-old foo-new
> and you'll see fairly quickly what they fixed. (And it's also trivial for a
> cracker to do that, so it's utterly pointless to try withholding
> information that way.)

I disagree.

I recently fixed something that could be considered "denial of service" in a program I maintain. The patch basically replaces some instances of 'foo=object; object.incrementRefCount();' with 'foo=object.clone();'. I'd challenge you to figure out from just that how to exploit the problem, whereas the bug report might contain a detailed description of what you had to do, how the timing has to work out, and exactly what effect would be seen.

There's a difference between having to engineer an exploit from the patch (especially if even the commit is vaguely worded), and having full documentation on the problem and its cause.

--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
find / -user your -name base -print0 | xargs -0 chown us:cats -- Unknown

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
