This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Policy for posting security bug reports?


On Fri, Jun 22, 2012 at 09:08:36PM -0400, Rich Felker wrote:
> Hi all,
> 
> I first asked Carlos about this off-list, and he suggested it should
> be discussed on-list. What is the policy (or what should it be) for
> posting security-related bugs to the bug tracker and/or list?
> 
> At the moment, the bug I'd like to report is something I would
> consider moderate severity; it's in a family of interfaces that aren't

After attempting to exploit the bug, I've found that a duplicate of
the exact same integer overflow elsewhere in glibc seems to make it
impossible to exploit, so I'm just going to post it to the bug
tracker.

Nonetheless, it would be nice to have a general policy for future
bugs.

Rich


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]