From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 69183 invoked by alias); 3 May 2017 21:58:41 -0000 Mailing-List: contact overseers-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: , Sender: overseers-owner@sourceware.org Received: (qmail 69152 invoked by uid 89); 3 May 2017 21:58:39 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: Yes, score=5.5 required=5.0 tests=BAYES_05,RP_MATCHES_RCVD,SCAM_SUBJECT,SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 spammy=HTo:D*odu.edu, elasticorg, fche, UD:elastic.org X-HELO: elastic.org Received: from elastic.org (HELO elastic.org) (207.112.121.102) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 03 May 2017 21:58:38 +0000 Received: from fche by elastic.org with local (Exim 4.87) (envelope-from ) id 1d62IA-000Uc9-4E; Wed, 03 May 2017 17:58:38 -0400 Date: Wed, 03 May 2017 21:58:00 -0000 From: "Frank Ch. Eigler" To: "Charles A. Morris" Cc: overseers@gcc.gnu.org, charlesmorris@gmail.com Subject: Re: reporting a security issue in gcc / bugzilla account Message-ID: <20170503215838.GA97187@elastic.org> References: <20170503212542.EB2A9C17CA@sirius> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170503212542.EB2A9C17CA@sirius> User-Agent: Mutt/1.8.0 (2017-02-23) X-IsSubscribed: yes X-SW-Source: 2017-q2/txt/msg00050.txt.bz2 Hi - > I'd like to have a gcc bugzilla account. Done, enjoy. > That said, I have found a few security issues in gcc. > Is there a way to safely report these through bugzilla? > What is the preferred point of contact for these types of issues? I am not aware of any sort of confidential security contact for gcc. Unless you have some reason to believe it's a non-trivial severity (CVSS score), maybe might just as well post it publicly. - FChE