Bug#646156: pu: package xorg-server/2:1.7.7-14
On Sat, Oct 29, 2011 at 03:03:49PM -0400, Michael Gilbert wrote:
> > On Sat, Oct 29, 2011 at 13:38:47 -0400, Michael Gilbert wrote:
> >> On Fri, Oct 21, 2011 at 3:12 PM, Julien Cristau wrote:
> >> I wonder if at least this one should be treated with a real urgency?
> >> On the surface it's an info disclosure issue, which tend to be very low
> >> urgency, but it's a pretty bad one since it's actually a disclosure of
> >> any file on the system (e.g. /etc/shadow), and there is an existing
> >> PoC exploit:
> >> http://vladz.devzero.fr/Xorg-CVE-2011-4029.txt
> > Moritz said "use p-u", I'm not going to second-guess him.
> This was before the real impact of the issue was clear (I believe),
> and definitely before the exploit code existed. Personally, I think
> this needs to get out to squeeze users ASAP.
Sorry for disclosing the exploit but for your information, when I
discovered this vulnerability, the first thing I did was to send an email
to email@example.com, it contained a full description and the PoC
(exploit) you are talking about (encrypted mail sent on Oct 9th 2011).
I never got any feedback.
Is firstname.lastname@example.org still the good way to report vulnerabilities?