* reporting a security issue in gcc / bugzilla account
@ 2017-05-03 21:25 Charles A. Morris
2017-05-03 21:58 ` Frank Ch. Eigler
0 siblings, 1 reply; 3+ messages in thread
From: Charles A. Morris @ 2017-05-03 21:25 UTC (permalink / raw)
To: overseers; +Cc: charlesmorris
I'd like to have a gcc bugzilla account.
That said, I have found a few security issues in gcc.
Is there a way to safely report these through bugzilla?
What is the preferred point of contact for these types of issues?
Thanks,
Charles
AS 1201
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: reporting a security issue in gcc / bugzilla account
2017-05-03 21:25 reporting a security issue in gcc / bugzilla account Charles A. Morris
@ 2017-05-03 21:58 ` Frank Ch. Eigler
2017-05-04 14:41 ` Jeff Law
0 siblings, 1 reply; 3+ messages in thread
From: Frank Ch. Eigler @ 2017-05-03 21:58 UTC (permalink / raw)
To: Charles A. Morris; +Cc: overseers, charlesmorris
Hi -
> I'd like to have a gcc bugzilla account.
Done, enjoy.
> That said, I have found a few security issues in gcc.
> Is there a way to safely report these through bugzilla?
> What is the preferred point of contact for these types of issues?
I am not aware of any sort of confidential security contact for gcc.
Unless you have some reason to believe it's a non-trivial severity
(CVSS score), maybe might just as well post it publicly.
- FChE
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: reporting a security issue in gcc / bugzilla account
2017-05-03 21:58 ` Frank Ch. Eigler
@ 2017-05-04 14:41 ` Jeff Law
0 siblings, 0 replies; 3+ messages in thread
From: Jeff Law @ 2017-05-04 14:41 UTC (permalink / raw)
To: Frank Ch. Eigler, Charles A. Morris; +Cc: overseers, charlesmorris
On 05/03/2017 03:58 PM, Frank Ch. Eigler wrote:
> Hi -
>
>> I'd like to have a gcc bugzilla account.
>
> Done, enjoy.
>
>> That said, I have found a few security issues in gcc.
>> Is there a way to safely report these through bugzilla?
>> What is the preferred point of contact for these types of issues?
>
> I am not aware of any sort of confidential security contact for gcc.
> Unless you have some reason to believe it's a non-trivial severity
> (CVSS score), maybe might just as well post it publicly.
Right. We really don't bother with embargos and the like.
Jeff
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-04 14:41 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-03 21:25 reporting a security issue in gcc / bugzilla account Charles A. Morris
2017-05-03 21:58 ` Frank Ch. Eigler
2017-05-04 14:41 ` Jeff Law
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).