Re: Proper procedure for reporting possible securityvulnerabilities?

From: Alan Cox
Date: Tue Jan 11 2005 - 13:27:26 EST

Next message: Linus Torvalds: "Re: clean way to support >32bit addr on 32bit CPU"
Previous message: Alan Cox: "Re: User space out of memory approach"
In reply to: Barry K. Nathan: "Re: Proper procedure for reporting possible security vulnerabilities?"
Next in thread: Florian Weimer: "Re: Proper procedure for reporting possible security vulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Llu, 2005-01-10 at 21:42, Steve Bergman wrote:
> handled. They clam that they sent email to Linus and Andrew and did not
> receive a response for 3 weeks, and that is why they released exploit
> code into the wild.
>
> Anyone here have any comments on what I should tell him?

They could have reported them to:
vendor-sec
cert
dfn-cert
any other cert like object
security@almost any linux vendor

but didn't. Nor it appears did they chase up their report.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: clean way to support >32bit addr on 32bit CPU"
Previous message: Alan Cox: "Re: User space out of memory approach"
In reply to: Barry K. Nathan: "Re: Proper procedure for reporting possible security vulnerabilities?"
Next in thread: Florian Weimer: "Re: Proper procedure for reporting possible security vulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]