Date: Thu, 4 Sep 2014 21:18:36 -0700
From: Tavis Ormandy <taviso@...xchg8b.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: heap overflow in procmail

Rich Felker <dalias@...c.org> wrote:
> On Wed, Sep 03, 2014 at 09:44:12PM -0700, Tavis Ormandy wrote:
> > Rich Felker <dalias@...c.org> wrote:
> > >
> > > Unless I'm misunderstanding your report, the problem is in the formail
> > > utility which comes with procmail, not procmail itself. This should be
> > > clarified in the title of the vuln, perhaps as "heap overflow in
> > > procmail's formail utility" rather than "heap overflow in procmail".
> >
> > I'm not sure what "title" you mean, are you referring to my email
> > subject? If you are, I think "<problem> in <package>" is pretty
> > reasonable, but perhaps this is subjective (hah!).
>
> Yes, the email subject. "<problem> in <package>" seems reasonable, but
> when <package> is also the name of the main program in <package>, and the
> actual vuln is in a secondary program included with it, I think it's
> confusing.

You're free to form the subject line of your emails any crazy way you like,
you can put the entire email in there if it makes you happy.

If you want a list policy on Subject lines, talk to the moderators - not me.

I personally think information like version, platforms, programs and patches
belong in the body.

Tavis.