Re: Who should I report source audits too?


On Thu, Oct 24, 2002 at 12:16:23AM +0100, Steve Kemp wrote:
>   I've recently started downloading and auditing some of the package
>  sources of random packages which are installed upon the Debian servers
>  at my workplace; with a view to looking for security holes.
I think that this is very valuable work.  Thank you!

>   Out of the three packages that I've examined thus far I've found one
>  package to be wonderfully written, one to be remotely exploitable[1]
>  and one to crash with a little bit of environmental tweaking[2].
Whatever you choose to do about the vulnerable packages,
you should send some praise to the author of the "wonderfully
written" program :-)


