Reporting security vulnerability

Shuhao shuhao at shuhaowu.com
Mon Jun 3 00:12:34 CEST 2013


That sounds good.

Thanks.
Shuhao

On 13-06-02 01:51 PM, Steve Dodier-Lazaro wrote:
> Hi Shuhao,
>
> In these cases it's always better to not give any details about the bug on
> a mailing list. If people were actively looking for ways to attack an XFCE
> computer, they must have just been given a hint about something. I would
> recommend you privately email the main developers of the concerned package.
>
> Regards,
>
>
> 2013/6/2 Shuhao <shuhao at shuhaowu.com>
>
>> Hi,
>>
>> I've discovered a medium level security vulnerability in XFCE and I'm not
>> sure where I can safely report it. I don't see the option to mark the bug
>> as confidential or as a security issue in Bugzilla.
>>
>> The bug is very easy to exploit (however only if you have access to the
>> machine, which makes it non-critical) and is able to bypass the lock
>> screen. There is a workaround available but it is uncommonly done (imo).
>> The bug should also be relatively easy to fix though I do not know enough
>> of the XFCE codebase to tell.
>>
>> Any pointers would be helpful.
>>
>> Cheers,
>> Shuhao
>>
>
>
>

