Comment 6 for bug 1940656

Dimitri John Ledkov (xnox) wrote :

I would agree that any hypothetical use-after-free / double-free errors are usually also security vulnerabilities. But these ones were discovered with static analysis and/or affecting engine use, in error conditions only. Thus connectivity must already be failing / denied, before one can trip these ones up. Not sure if one can further stage an attack by staging a connection failure, and try to disclose information from that.

Will ping security team about it.