From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <fweimer@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by sourceware.org (Postfix) with ESMTPS id C35FA3856DD2
 for <gcc-help@gcc.gnu.org>; Wed, 25 May 2022 19:35:30 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C35FA3856DD2
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-670-FJGCKYpUM4aV-bXNSYLLQw-1; Wed, 25 May 2022 15:35:26 -0400
X-MC-Unique: FJGCKYpUM4aV-bXNSYLLQw-1
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com
 [10.11.54.8])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1CEB43C0ED5D;
 Wed, 25 May 2022 19:35:26 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.39.193.94])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 711C1C23DBF;
 Wed, 25 May 2022 19:35:24 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: Marius Muench via Gcc-help <gcc-help@gcc.gnu.org>
Cc: Marius Muench <m.muench@vu.nl>,  pagani@cs.ucsb.edu,  Cristiano
 Giuffrida <c.giuffrida@vu.nl>,  Fabian Freyer <mail@fabianfreyer.de>,
 v.m.duta@vu.nl
Subject: Re: Security Point of Contact
References: <1dffbaaa-04f2-9ab9-ed3a-1de20cefcff3@vu.nl>
Date: Wed, 25 May 2022 21:35:22 +0200
In-Reply-To: <1dffbaaa-04f2-9ab9-ed3a-1de20cefcff3@vu.nl> (Marius Muench via
 Gcc-help's message of "Wed, 25 May 2022 18:59:54 +0200")
Message-ID: <87fskxwglh.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.8
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-5.3 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE,
 SPF_HELO_NONE, SPF_NONE, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-help@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-help mailing list <gcc-help.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-help>,
 <mailto:gcc-help-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-help/>
List-Post: <mailto:gcc-help@gcc.gnu.org>
List-Help: <mailto:gcc-help-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-help>,
 <mailto:gcc-help-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2022 19:35:31 -0000

* Marius Muench via Gcc-help:

> We are a group of researchers from VU Amsterdam, UC Santa Barbara, and
> independents.
> We found a potential security issue with the implementation of the
> Itanium C++ ABI unwinding process, and were wondering if you have any 
> secure email contact point we can follow up on with additional
> details, or whether we should post it directly to the public
> bugtracker after coordinating with other affected parties.
> Either way, we would like to disclose the information as soon as possible.

Please file a public bug once you are ready.  This does not sound like
something that would benefit a lot from pre-disclosure coordination.

Thanks,
Florian