[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Who should I report source audits too?



Hello,

On Thu, Oct 24, 2002 at 12:16:23AM +0100, Steve Kemp wrote:
>   I've recently started downloading and auditing some of the package
>  sources of random packages which are installed upon the Debian servers
>  at my workplace; with a view to looking for security holes.
I think that this is a very valuable work.  Thank you!

>   Out of the three packages that I've examined thus far I've found one
>  package to be wonderfully written, one to be remotely exploitable[1]
>  and one to crash with a little bit of environmental tweaking[2].
Whatever you choose to do about the vulnerable packages,
you should send some praise to the author of the "wonderfully
written" program :-)

Jochen
-- 
                                         Omm
                                      (0)-(0)
http://www.mathematik.uni-kl.de/~wwwstoch/voss/privat.html

Attachment: pgp9Qq6v0W19S.pgp
Description: PGP signature


Reply to: