Re: recent PSPP vulnerability reports
From: John Darrington
Subject: Re: recent PSPP vulnerability reports
Date: Mon, 28 Aug 2017 12:40:00 +0200
User-agent: Mutt/1.5.23 (2014-03-12)
On Sun, Aug 27, 2017 at 04:18:46PM -0700, Ben Pfaff wrote:
Thanks for reporting a number of bugs related to vulnerabilities in PSPP
lately. However, so far you have only reported these bugs downstream,
to Red Hat and SuSE. Please first report them to the project itself
directly, at address@hidden or via http://sv.gnu.org/p/pspp, or if
you believe that they are serious vulnerabilities then privately to me
or to John Darrington <address@hidden>. This will allow
the bugs to be fixed more quickly since the PSPP developers find out
about them immediately, not just from downstream packagers.
Also, I think that describing these bugs as "remote denial of service" vectors
is a little exaggerated. As I see it, the worst that can happen
is that PSPP will crash when presented with specially crafted files.
But thanks for identifying and reporting these issues anyway.
J'
--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.