* [2008-06-02 11:39:22 -0700] Adam Williamson wrote:
>> Yes, I think that a fix for "could potentially cause filesystem corruption"
>> counts as a security fix
>
>No, it doesn't, it counts as a bug fix (to be handled by packager, not
>sec team).

Thanks. I was about to reply the same.

To explain a bit further the reasoning behind this -- filesystem
corruption sucks, yes, but if the program is doing it itself, it's a
bug. If I, as a regular user, can do some naughty things to *create*
the corruption, that's a different story -- but then it would have to be
bypassing intended checks to prevent that, or something else similarly
clever.

But putting that into main/testing pretty much would guarantee 2008.1
gets the fix.

--
Vincent Danen @ http://linsec.ca/