Date: Fri, 4 Aug 2017 18:59:15 +0200 From: Andrey Konovalov <andreyknvl@...il.com> To: oss-security@...ts.openwall.com Cc: willemdebruijn.kernel@...il.com, Dmitry Vyukov <dvyukov@...gle.com>, Kostya Serebryany <kcc@...gle.com> Subject: Reporting and disclosing Linux kernel vulnerabilities Hi! It's not completely clear to me how to properly report and disclose Linux kernel security issues. There are a few different parties [1, 2, 3] that need to be informed and coordinated. I couldn't find a publicly available actionable list of steps, so I've outlined it as I see it here: https://github.com/google/syzkaller/blob/master/docs/linux_kernel_reporting_bugs.md#reporting-security-bugs Thoughts? Comments? Thanks!  https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html  http://oss-security.openwall.org/wiki/mailing-lists/distros  http://oss-security.openwall.org/wiki/mailing-lists/oss-security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ