Re: Proper procedure for reporting possible security vulnerabilities?

From: Steve Bergman
Date: Mon Jan 10 2005 - 17:00:47 EST

Next message: Mauricio Lin: "User space out of memory approach"
Previous message: Nishanth Aravamudan: "[UPDATE PATCH] block/pcd: replace pcd_sleep() with msleep()/ssleep()"
In reply to: Florian Weimer: "Re: Proper procedure for reporting possible security vulnerabilities?"
Next in thread: Jesper Juhl: "Re: Proper procedure for reporting possible security vulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Florian Weimer wrote:

Contact your vendor. You are using vendor kernels, are you? 8-)

Actually I am having a discussion with a Pax Team member about how the recent exploits discovered by the grsecurity guys should have been handled. They clam that they sent email to Linus and Andrew and did not receive a response for 3 weeks, and that is why they released exploit code into the wild.

Anyone here have any comments on what I should tell him?

Thanks,
Steve Bergman

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mauricio Lin: "User space out of memory approach"
Previous message: Nishanth Aravamudan: "[UPDATE PATCH] block/pcd: replace pcd_sleep() with msleep()/ssleep()"
In reply to: Florian Weimer: "Re: Proper procedure for reporting possible security vulnerabilities?"
Next in thread: Jesper Juhl: "Re: Proper procedure for reporting possible security vulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]