Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 20 Nov 2014 17:19:14 +0100
From: Sven Kieske <s.kieske@...twald.de>
To: <oss-security@...ts.openwall.com>
Subject: Re: Fuzzing project brainstorming

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/11/14 16:50, Hanno Böck wrote:
> There lays deeper a question that I asked myself already: What's
> an "okay" way of reporting these things? Basically what I usually
> did is just sending crash samples to upstream devs and add some
> valgrind/asan output. One could argue that I'm offloading the real
> work to the upstream devs, however I feel they know their code
> better than I do (and often I'm just not qualified to create the
> fix). Until now I feel most upstreams were okay with that.

Maybe it would be worth it to contact the "hydra" devs about this
as they provided also reproducing test-cases for the crashes, when
reporting to debian?

sadly hydra is not open source.

- -- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad
Oeynhausen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJUbhSCAAoJEC5d3lL7/I9ze6AP/0d+zGjckKfIrldv8czlMgvZ
bqA6lCrtlz+2GIqXWSIgQVU8miyEB/rPUJTPQQ+upiR9f1Rx3Tym0/w0iKiuhKDm
Xh3GJqcrmlYut6HEPz4Mg81HfD6Qr2Yrvzot/GXepDvxBI13HFbu7YGpi4era3bR
qJDRjcTaBZnxPPHZpO+49Ih1G8616N1bTjJS4EIU7XlHJIOQygJQtwWx7AVe1CCo
ZEBR4jG65C5ulvrBNKc9GT+8SOy6F8JSOg7SevXr7SJBnvDRVtkqNDFTq84M1XCL
xGgZTKNdQ9GJIexlVCAoGwpHtMTZ3+dToxolxLlL2ixlyb7vV8UgYtSe1EvdbfMq
xvL6Il27lfdYIwQZrK+1C56EugeopXi2b/GLalU71PGXeIIHUws7djpHAjkOj59F
yNT8svwkajnSRzkoMwkATu3+eHkvSNhZTZKRYz6RgkovyMS8AOraqDmJCLqfni3l
tEzrBUAlmtghAKUWzPpDsoeZ7I96z2zYgdJamSGMdYf81vbDUU202BejpF1gKMTx
XM2nS2MS8PNaF7y2w7Nc9FYlo+vM2VaT9hoGbTTo2NjIdrpkyHwmpoI7oZ/n1/kN
QF+cjkAu3+lUuMYw2vKvXSUmiuGIpXpwfKti6y7CwyMaYTeuHHgyCU2YVbIqgVNe
c1g4fDtUHktAsAHIR56c
=Joj1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.