Re: Who should I report source audits too?

To: debian-devel@lists.debian.org
Subject: Re: Who should I report source audits too?
From: Matt Zimmerman <mdz@debian.org>
Date: Thu, 24 Oct 2002 13:53:29 -0400
Message-id: <[🔎] 20021024175329.GN28169@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20021024084804.GA7710@tatonka.pfalz.de>
References: <[🔎] Pine.LNX.4.44.0210231615001.23827-100000@samadhi.braincells.com> <[🔎] 87adl4svmn.fsf@xyzzy.adsl.dk> <[🔎] 20021024001622.A21236@tardis.ed.ac.uk> <[🔎] 20021024084804.GA7710@tatonka.pfalz.de>

On Thu, Oct 24, 2002 at 10:48:05AM +0200, Jochen Voss wrote:

> On Thu, Oct 24, 2002 at 12:16:23AM +0100, Steve Kemp wrote:
> >   I've recently started downloading and auditing some of the package
> >  sources of random packages which are installed upon the Debian servers
> >  at my workplace; with a view to looking for security holes.
> I think that this is a very valuable work.  Thank you!

Agreed.

> >   Out of the three packages that I've examined thus far I've found one
> >  package to be wonderfully written, one to be remotely exploitable[1]
> >  and one to crash with a little bit of environmental tweaking[2].

You should contact the maintainer of the affected package.  If they do not
respond, feel free to contact me personally.

-- 
 - mdz

Reply to:

References:
- Re: [desktop] ximian-setup-tools vs webmin
  - From: "Jaldhar H. Vyas" <jaldhar@debian.org>
- Re: [desktop] ximian-setup-tools vs webmin
  - From: Peter Makholm <peter@makholm.net>
- Who should I report source audits too?
  - From: Steve Kemp <skx@tardis.ed.ac.uk>
- Re: Who should I report source audits too?
  - From: Jochen Voss <jvoss2@web.de>

Prev by Date: Re: non-pristine sources under pool/
Next by Date: Re: why kde and gnome's menu situation sucks
Previous by thread: Re: Who should I report source audits too?
Next by thread: Re: Who should I report source audits too?
Index(es):
- Date
- Thread