[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] Problems with cpio and tar, security contact?
From: |
halfdog |
Subject: |
Re: [Bug-tar] Problems with cpio and tar, security contact? |
Date: |
Wed, 18 Aug 2010 11:55:55 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:2.0b4pre) Gecko/20100817 SeaMonkey/2.1b1pre |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello List,
Some time ago I asked for a security contact at tar and cpio bug mailing list.
The response was:
Sergey Poznyakoff wrote:
> halfdog <address@hidden> ha escrit:
> ...
>> If not, is there someone to contact for security issues in cpio and
>> tar?
>
> For all issues regarding GNU tar, please write to this list
> (i.e. <address@hidden>). For anything regarding GNU cpio, write to
> <address@hidden>.
>
> Regards,
> Sergey
Since I did not want to post bug description and exploit to public mailing list,
I sent messages to Sergey directly, but it seems, that they did not reach him or
he did not reply to it.
201005010942-MailToSergeyPoznyakoff-TarBug.eml
201005071927-MailToSergeyPohnyakoff-TarBugInformationAndExploit.eml
201008120635-MailToSergeyPoznyakoff-SecurityIssue.eml
Is there someone who still would want to fix the problem? Otherwise standard
(full) disclosure will be 2010-08-30, I will then post bug description and POC
to this list also.
- --
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFMa6uJxFmThv7tq+4RAg+7AKCHM0WuzdT0kDJHfSGJkvW1l8nJRgCghaGd
VWCdpGNwoKfaQ/3yuMkzIKQ=
=b4dU
-----END PGP SIGNATURE-----
- Re: [Bug-tar] Problems with cpio and tar, security contact?,
halfdog <=