Date: Thu, 29 Jan 2015 17:16:21 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) On Thu, 29 Jan 2015 08:00:48 -0800 Paul Pluzhnikov <ppluzhnikov@...il.com> wrote: > What is the appropriate forum to cry alarm on? > > We are not a distro, and (AFAICT) are not on any of the closed lists. > But maybe we should be. I'm not on any closed list either, but I agree chrome os people probably should be on the distros list :-) I think Solar Designer is the responsible person that manages this. On the alarm crying it depends. In this case it already was pretty much public, so forwarding the info here would be appropriate I think. I assume that's also true for all too-minor-to-worry-too-much-issues. If these become too much we can always think about another public "post minor maybe-security-issues-here"-mailing-list. But a lot of minor issues get posted here already and I think people are fine with it right now. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.