Re: How do I disclose a vulnerability?

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How do I disclose a vulnerability?

From:	Samuel Thibault
Subject:	Re: How do I disclose a vulnerability?
Date:	Fri, 14 May 2021 19:03:59 +0200
User-agent:	NeoMutt/20170609 (1.8.3)

Sergey Bugaev, le ven. 14 mai 2021 19:33:38 +0300, a ecrit:
> I asked about this on the Fediverse; and got (among other replies)
> this small guide [0] which sounds like a good plan of action. What do
> you think?

Yes, except for the CVE part which is not needed here, since I will do
the Debian upload anyway.

Basically the plan can be as simple as:

- I upload the fixed package in Debian
- a couple of days later (after upgrading those online systems who do
have various users), we can push the fix to upstream hurd.

Samuel

[Prev in Thread]

Current Thread

[Next in Thread]

How do I disclose a vulnerability?, Sergey Bugaev, 2021/05/14
- Re: How do I disclose a vulnerability?, Samuel Thibault, 2021/05/14
  - Re: How do I disclose a vulnerability?, Sergey Bugaev, 2021/05/14
    - Re: How do I disclose a vulnerability?, Samuel Thibault <=
    - Re: How do I disclose a vulnerability?, Sergey Bugaev, 2021/05/18

Prev by Date: Re: How do I disclose a vulnerability?
Next by Date: Re: rpctrace output improvements?
Previous by thread: Re: How do I disclose a vulnerability?
Next by thread: Re: How do I disclose a vulnerability?
Index(es):
- Date
- Thread