Reporting security vulnerability

Justin R. Andrusk jandrusk at gmail.com
Thu Jun 6 23:37:11 CEST 2013


I do wonder if this would get the same level of classification that a like security vulnerability in Ubuntu would get. Process should be the same. Report it as a bug without giving the details in the bug report. You may even want to submit a patch yourself if you can.

Justin

On Sun, Jun 02, 2013 at 01:38:51PM -0700, Shuhao wrote:
> Hi,
> 
> I've discovered a medium level security vulnerability in XFCE and
> I'm not sure where I can safely report it. I don't see the option to
> mark the bug as confidential or as a security issue in Bugzilla.
> 
> The bug is very easy to exploit (however only if you have access to
> the machine, which makes it non-critical) and is able to bypass the
> lock screen. There is a workaround available but it is uncommonly
> done (imo). The bug should also be relatively easy to fix though I
> do not know enough of the XFCE codebase to tell.
> 
> Any pointers would be helpful.
> 
> Cheers,
> Shuhao
> _______________________________________________
> Xfce4-dev mailing list
> Xfce4-dev at xfce.org
> https://mail.xfce.org/mailman/listinfo/xfce4-dev


More information about the Xfce4-dev mailing list