This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Policy for posting security bug reports?


Hi all,

I first asked Carlos about this off-list, and he suggested it should
be discussed on-list. What is the policy (or what should it be) for
posting security-related bugs to the bug tracker and/or list?

At the moment, the bug I'd like to report is something I would
consider moderate severity; it's in a family of interfaces that aren't
often used in programs running with elevated privilegs, but if
exploited, it leads to memory corruption that could result in
arbitrary code execution. I can provide a patch to fix it along with
the report.

Of course, it would be nice to have a general policy.

--
Rich Felker
http://www.etalabs.net


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]