Re: suggestion for Contribute page
* Gunter Königsmann <gunter@peterpall.de> [2016-07-10 19:17:26 CEST]:
> And I am never sure where "security related problems" begin, neither: If
> I find a missing rangecheck in the file loading function of a gui
> application and if I fixed this upstream - do I automatically need to
> make a security upload as there might be some way to exploit this somehow?
If upstream consider this a security issue they probably should request
a CVE about it which in turn makes it clear that it is a security
upload. If the CVE is denied it still might be a severe issue which
could potentially rectify a fast tracking of the upload, but that
shouldn't be done without prior communication.
Does this help?
Rhonda
--
Fühlst du dich mutlos, fass endlich Mut, los |
Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los |
Reply to: