Re: Proper procedure for reporting possible security vulnerabilities?

From: Jesper Juhl
Date: Mon Jan 10 2005 - 17:41:54 EST

Next message: Lennart Sorensen: "Re: Unable to burn DVDs"
Previous message: Mike Waychison: "Re: [PATCH 4/11] FUSE - read-only operations"
In reply to: Steve Bergman: "Re: Proper procedure for reporting possible security vulnerabilities?"
Next in thread: Chris Wright: "Re: Proper procedure for reporting possible security vulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 10 Jan 2005, Steve Bergman wrote:

> Florian Weimer wrote:
>
> > Contact your vendor. You are using vendor kernels, are you? 8-)
> >
>
> Actually I am having a discussion with a Pax Team member about how the recent
> exploits discovered by the grsecurity guys should have been handled. They
> clam that they sent email to Linus and Andrew and did not receive a response
> for 3 weeks, and that is why they released exploit code into the wild.
>
> Anyone here have any comments on what I should tell him?
>
I don't know what other people would do or what the general feeling on
the list is, but personally I'd send such reports to the maintainer and
CC lkml, if there is no maintainer I'd just send to lkml.

--
Jesper Juhl

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lennart Sorensen: "Re: Unable to burn DVDs"
Previous message: Mike Waychison: "Re: [PATCH 4/11] FUSE - read-only operations"
In reply to: Steve Bergman: "Re: Proper procedure for reporting possible security vulnerabilities?"
Next in thread: Chris Wright: "Re: Proper procedure for reporting possible security vulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]