Reporting security vulnerability
shuhao at shuhaowu.com
Sun Jun 2 22:38:51 CEST 2013
I've discovered a medium level security vulnerability in XFCE and I'm
not sure where I can safely report it. I don't see the option to mark
the bug as confidential or as a security issue in Bugzilla.
The bug is very easy to exploit (however only if you have access to the
machine, which makes it non-critical) and is able to bypass the lock
screen. There is a workaround available but it is uncommonly done (imo).
The bug should also be relatively easy to fix though I do not know
enough of the XFCE codebase to tell.
Any pointers would be helpful.
More information about the Xfce4-dev