Reporting security vulnerability
nick at xfce.org
Mon Jun 3 09:09:15 CEST 2013
You van contact me for this.
Op 3 jun. 2013 00:12 schreef "Shuhao" <shuhao at shuhaowu.com> het volgende:
> That sounds good.
> On 13-06-02 01:51 PM, Steve Dodier-Lazaro wrote:
>> Hi Shuhao,
>> In these cases it's always better to not give any details about the bug
>> a mailing list. If people were actively looking for ways to attack an
>> computer, they must have just been given a hint about something. I would
>> recommend you privately email the main developers of the concerned
>> 2013/6/2 Shuhao <shuhao at shuhaowu.com>
>>> I've discovered a medium level security vulnerability in XFCE and I'm
>>> sure where I can safely report it. I don't see the option to mark the
>>> as confidential or as a security issue in Bugzilla.
>>> The bug is very easy to exploit (however only if you have access to the
>>> machine, which makes it non-critical) and is able to bypass the lock
>>> screen. There is a workaround available but it is uncommonly done (imo).
>>> The bug should also be relatively easy to fix though I do not know
>>> of the XFCE codebase to tell.
>>> Any pointers would be helpful.
>>> Xfce4-dev mailing list
>>> Xfce4-dev at xfce.org
> Xfce4-dev mailing list
> Xfce4-dev at xfce.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Xfce4-dev