Re: Who should I report source audits too?
On Thu, Oct 24, 2002 at 10:48:05AM +0200, Jochen Voss wrote:
> On Thu, Oct 24, 2002 at 12:16:23AM +0100, Steve Kemp wrote:
> > I've recently started downloading and auditing some of the package
> > sources of random packages which are installed upon the Debian servers
> > at my workplace; with a view to looking for security holes.
> I think that this is a very valuable work. Thank you!
Agreed.
> > Out of the three packages that I've examined thus far I've found one
> > package to be wonderfully written, one to be remotely exploitable[1]
> > and one to crash with a little bit of environmental tweaking[2].
You should contact the maintainer of the affected package. If they do not
respond, feel free to contact me personally.
--
- mdz
Reply to: