Reporting security vulnerability

Nick Schermer nick at xfce.org
Mon Jun 3 09:09:15 CEST 2013


You can contact me for this.

Nick

On 3 Jun 2013 00:12, "Shuhao" <shuhao at shuhaowu.com> wrote:
>
> That sounds good.
>
> Thanks.
> Shuhao
>
>
> On 13-06-02 01:51 PM, Steve Dodier-Lazaro wrote:
>>
>> Hi Shuhao,
>>
>> In these cases it's always better to not give any details about the bug on
>> a mailing list. If people were actively looking for ways to attack an XFCE
>> computer, they must have just been given a hint about something. I would
>> recommend you privately email the main developers of the concerned package.
>>
>> Regards,
>>
>>
>> 2013/6/2 Shuhao <shuhao at shuhaowu.com>
>>
>>> Hi,
>>>
>>> I've discovered a medium level security vulnerability in XFCE and I'm not
>>> sure where I can safely report it. I don't see the option to mark the bug
>>> as confidential or as a security issue in Bugzilla.
>>>
>>> The bug is very easy to exploit (however only if you have access to the
>>> machine, which makes it non-critical) and is able to bypass the lock
>>> screen. There is a workaround available but it is uncommonly done (imo).
>>> The bug should also be relatively easy to fix though I do not know enough
>>> of the XFCE codebase to tell.
>>>
>>> Any pointers would be helpful.
>>>
>>> Cheers,
>>> Shuhao
>>> _______________________________________________
>>> Xfce4-dev mailing list
>>> Xfce4-dev at xfce.org
>>> https://mail.xfce.org/mailman/listinfo/xfce4-dev
>>>
>>
>>
>>