Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 Jan 2015 17:16:21 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc
 (CVE-2015-0235)

On Thu, 29 Jan 2015 08:00:48 -0800
Paul Pluzhnikov <ppluzhnikov@...il.com> wrote:

> What is the appropriate forum to cry alarm on?
> 
> We are not a distro, and (AFAICT) are not on any of the closed lists.
> But maybe we should be.

I'm not on any closed list either, but I agree chrome os people
probably should be on the distros list :-)
I think Solar Designer is the responsible person that manages this.

On the alarm crying it depends. In this case it already was pretty much
public, so forwarding the info here would be appropriate I think. I
assume that's also true for all too-minor-to-worry-too-much-issues.
If these become too much we can always think about another public "post
minor maybe-security-issues-here"-mailing-list. But a lot of minor
issues get posted here already and I think people are fine with it
right now.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.