public inbox for overseers@sourceware.org
 help / color / mirror / Atom feed
* reporting a security issue in gcc / bugzilla account
@ 2017-05-03 21:25 Charles A. Morris
  2017-05-03 21:58 ` Frank Ch. Eigler
  0 siblings, 1 reply; 3+ messages in thread
From: Charles A. Morris @ 2017-05-03 21:25 UTC (permalink / raw)
  To: overseers; +Cc: charlesmorris

I'd like to have a gcc bugzilla account.

That said, I have found a few security issues in gcc.

Is there a way to safely report these through bugzilla?

What is the preferred point of contact for these types of issues?

Thanks,
Charles
AS 1201

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: reporting a security issue in gcc / bugzilla account
  2017-05-03 21:25 reporting a security issue in gcc / bugzilla account Charles A. Morris
@ 2017-05-03 21:58 ` Frank Ch. Eigler
  2017-05-04 14:41   ` Jeff Law
  0 siblings, 1 reply; 3+ messages in thread
From: Frank Ch. Eigler @ 2017-05-03 21:58 UTC (permalink / raw)
  To: Charles A. Morris; +Cc: overseers, charlesmorris

Hi -

> I'd like to have a gcc bugzilla account.

Done, enjoy.

> That said, I have found a few security issues in gcc.
> Is there a way to safely report these through bugzilla?
> What is the preferred point of contact for these types of issues?

I am not aware of any sort of confidential security contact for gcc.
Unless you have some reason to believe it's a non-trivial severity
(CVSS score), maybe might just as well post it publicly.

- FChE

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: reporting a security issue in gcc / bugzilla account
  2017-05-03 21:58 ` Frank Ch. Eigler
@ 2017-05-04 14:41   ` Jeff Law
  0 siblings, 0 replies; 3+ messages in thread
From: Jeff Law @ 2017-05-04 14:41 UTC (permalink / raw)
  To: Frank Ch. Eigler, Charles A. Morris; +Cc: overseers, charlesmorris

On 05/03/2017 03:58 PM, Frank Ch. Eigler wrote:
> Hi -
> 
>> I'd like to have a gcc bugzilla account.
> 
> Done, enjoy.
> 
>> That said, I have found a few security issues in gcc.
>> Is there a way to safely report these through bugzilla?
>> What is the preferred point of contact for these types of issues?
> 
> I am not aware of any sort of confidential security contact for gcc.
> Unless you have some reason to believe it's a non-trivial severity
> (CVSS score), maybe might just as well post it publicly.
Right.  We really don't bother with embargos and the like.

Jeff

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-04 14:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-03 21:25 reporting a security issue in gcc / bugzilla account Charles A. Morris
2017-05-03 21:58 ` Frank Ch. Eigler
2017-05-04 14:41   ` Jeff Law

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).