From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <overseers-return-14063-listarch-overseers=sources.redhat.com@sourceware.org>
Received: (qmail 91714 invoked by alias); 4 May 2017 14:41:34 -0000
Mailing-List: contact overseers-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <overseers.sourceware.org>
List-Archive: <http://sourceware.org/ml/overseers/>
List-Post: <mailto:overseers@sourceware.org>
List-Help: <mailto:overseers-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: overseers-owner@sourceware.org
Received: (qmail 91684 invoked by uid 89); 4 May 2017 14:41:34 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=4.1 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD,SCAM_SUBJECT,SPF_HELO_PASS autolearn=no version=3.3.2 spammy=Hx-languages-length:628, HTo:D*odu.edu, Frank, embargos
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 04 May 2017 14:41:33 +0000
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))	(No client certificate requested)	by mx1.redhat.com (Postfix) with ESMTPS id 08F113DBDA;	Thu,  4 May 2017 14:41:34 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 08F113DBDA
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=law@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 08F113DBDA
Received: from localhost.localdomain (ovpn-116-241.phx2.redhat.com [10.3.116.241])	by smtp.corp.redhat.com (Postfix) with ESMTP id 481D517DC8;	Thu,  4 May 2017 14:41:33 +0000 (UTC)
Subject: Re: reporting a security issue in gcc / bugzilla account
To: "Frank Ch. Eigler" <fche@elastic.org>, "Charles A. Morris" <cmorris@cs.odu.edu>
Cc: overseers@gcc.gnu.org, charlesmorris@gmail.com
References: <20170503212542.EB2A9C17CA@sirius> <20170503215838.GA97187@elastic.org>
From: Jeff Law <law@redhat.com>
Message-ID: <ba4e28d0-3693-913d-4847-382605c5f009@redhat.com>
Date: Thu, 04 May 2017 14:41:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.0
MIME-Version: 1.0
In-Reply-To: <20170503215838.GA97187@elastic.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
X-SW-Source: 2017-q2/txt/msg00051.txt.bz2

On 05/03/2017 03:58 PM, Frank Ch. Eigler wrote:
> Hi -
> 
>> I'd like to have a gcc bugzilla account.
> 
> Done, enjoy.
> 
>> That said, I have found a few security issues in gcc.
>> Is there a way to safely report these through bugzilla?
>> What is the preferred point of contact for these types of issues?
> 
> I am not aware of any sort of confidential security contact for gcc.
> Unless you have some reason to believe it's a non-trivial severity
> (CVSS score), maybe might just as well post it publicly.
Right.  We really don't bother with embargos and the like.

Jeff