[lstyls]

Unless it has a clear exploit it makes some amount of sense to me that this would not be put on a security timeline. But I am not a security expert either.

There was an anecdote in the issue tracker that suggested there was some level of privilege escalation but that did not contain a repro or any supporting evidence.

[Khaine]

IT Security is usually considered through the prism of the CIA Triad[1]. Confidentiality, Integrity and Availability.

Therefore any issue which impacts the availability of a service or device is a security issue.

[1] https://en.wikipedia.org/wiki/Information_security#Key_conce...

[AlphaSite]

This is availability of a single system, not a distributed system.

[Khaine]

Its the same concept. If a user can't use his computer because of a local DoS its still a security issue.

To make this really simple, imagine if I ran a fork bomb on one server. That makes the server unavailable for users who want to log into it for whatever reason. Therefore it is a security issue.

It doesn't matter if its an end user device, one sever or a distributed system. I as the user cannot do what I want to do. That is what 'availability' means in the CIA triad.

[lstyls]

I get why it's a security issue. My point is that it's not on the same level as a critical vulnerability.