lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Nov 30 16:23:00 2005
From: alindeman at gmail.com (Andy Lindeman)
Subject: Help with reporting

It would probably be the most socially responsible to report the bug
to security@....net first and allow them to assist in fixing it and
putting out an advisory (they would almost certainly be amenable to
crediting you with finding it, if this is important to you)

As a quote from http://bugs.php.net/report.php:

"If you feel this bug concerns a security issue, eg a buffer overflow,
weak encryption, etc, then email security@....net who will assess the
situation."

--A

On 11/30/05, Dr HenDre <drhendre@...il.com> wrote:
> Hi list,
>
> I've been following this list for quite a while now and finally i can
> contribute something.
> I think (i'm pretty sure) I've found a security bug in php, though I
> not at all familiar with reporting bugs to the vendor and to the list.
> So I'm looking for someone who can lead me the way.
>
> Thanks,
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ