Reporting security vulnerability
sidnioulz at gmail.com
Sun Jun 2 22:51:40 CEST 2013
In these cases it's always better to not give any details about the bug on
a mailing list. If people were actively looking for ways to attack an XFCE
computer, they must have just been given a hint about something. I would
recommend you privately email the main developers of the concerned package.
2013/6/2 Shuhao <shuhao at shuhaowu.com>
> I've discovered a medium level security vulnerability in XFCE and I'm not
> sure where I can safely report it. I don't see the option to mark the bug
> as confidential or as a security issue in Bugzilla.
> The bug is very easy to exploit (however only if you have access to the
> machine, which makes it non-critical) and is able to bypass the lock
> screen. There is a workaround available but it is uncommonly done (imo).
> The bug should also be relatively easy to fix though I do not know enough
> of the XFCE codebase to tell.
> Any pointers would be helpful.
PhD Student in Information Security
University College London
Free Software Developer
OpenPGP : 1B6B1670