This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Policy for posting security bug reports?
- From: Rich Felker <dalias at aerifal dot cx>
- To: libc-alpha at sourceware dot org
- Date: Sat, 23 Jun 2012 23:32:13 -0400
- Subject: Re: Policy for posting security bug reports?
- References: <20120623010836.GA2651@brightrain.aerifal.cx>
On Fri, Jun 22, 2012 at 09:08:36PM -0400, Rich Felker wrote:
> Hi all,
>
> I first asked Carlos about this off-list, and he suggested it should
> be discussed on-list. What is the policy (or what should it be) for
> posting security-related bugs to the bug tracker and/or list?
>
> At the moment, the bug I'd like to report is something I would
> consider moderate severity; it's in a family of interfaces that aren't

After attempting to exploit the bug, I've found that a duplicate of
the exact same integer overflow elsewhere in glibc seems to make it
impossible to exploit, so I'm just going to post it to the bug
tracker.

Nonetheless, it would be nice to have a general policy for future
bugs.

Rich