Thread: Reporting a security hole

Reporting a security hole

From
ken@coverity.com
Date:
I work at Coverity where we make a static analysis tool to find bugs in
software at compile time.  I think I found a security hole in
postgresql-7.4.1, but I don't want to just report it to a public list.  I
sent email to security@postgresql.org, hoping that the address existed,
but I got no response.

So where can I report a potential security hole?

thanks,
Ken Ashcraft


Re: Reporting a security hole

From
Bruce Momjian
Date:
You can send it to core@postgresql.org, but I already saw your report on
the hackers list.

---------------------------------------------------------------------------

ken@coverity.com wrote:
> I work at Coverity where we make a static analysis tool to find bugs in
> software at compile time.  I think I found a security hole in
> postgresql-7.4.1, but I don't want to just report it to a public list.  I
> sent email to security@postgresql.org, hoping that the address existed,
> but I got no response.
> 
> So where can I report a potential security hole?
> 
> thanks,
> Ken Ashcraft

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
 


Re: Reporting a security hole

From
Bruce Momjian
Date:
ken@coverity.com wrote:
> I work at Coverity where we make a static analysis tool to find bugs in
> software at compile time.  I think I found a security hole in
> postgresql-7.4.1, but I don't want to just report it to a public list.  I
> sent email to security@postgresql.org, hoping that the address existed,
> but I got no response.
> 
> So where can I report a potential security hole?

I have replied to the detailed message on the core list and the security
list (not sure who that is).  We are researching it.

From my initial review, it is something that needs cleaning up, but is
not a major security issue, I think.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073