|
Message-ID: <546E1482.2080700@mittwald.de> Date: Thu, 20 Nov 2014 17:19:14 +0100 From: Sven Kieske <s.kieske@...twald.de> To: <oss-security@...ts.openwall.com> Subject: Re: Fuzzing project brainstorming -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 20/11/14 16:50, Hanno Böck wrote: > There lays deeper a question that I asked myself already: What's > an "okay" way of reporting these things? Basically what I usually > did is just sending crash samples to upstream devs and add some > valgrind/asan output. One could argue that I'm offloading the real > work to the upstream devs, however I feel they know their code > better than I do (and often I'm just not qualified to create the > fix). Until now I feel most upstreams were okay with that. Maybe it would be worth it to contact the "hydra" devs about this as they provided also reproducing test-cases for the crashes, when reporting to debian? sadly hydra is not open source. - -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJUbhSCAAoJEC5d3lL7/I9ze6AP/0d+zGjckKfIrldv8czlMgvZ bqA6lCrtlz+2GIqXWSIgQVU8miyEB/rPUJTPQQ+upiR9f1Rx3Tym0/w0iKiuhKDm Xh3GJqcrmlYut6HEPz4Mg81HfD6Qr2Yrvzot/GXepDvxBI13HFbu7YGpi4era3bR qJDRjcTaBZnxPPHZpO+49Ih1G8616N1bTjJS4EIU7XlHJIOQygJQtwWx7AVe1CCo ZEBR4jG65C5ulvrBNKc9GT+8SOy6F8JSOg7SevXr7SJBnvDRVtkqNDFTq84M1XCL xGgZTKNdQ9GJIexlVCAoGwpHtMTZ3+dToxolxLlL2ixlyb7vV8UgYtSe1EvdbfMq xvL6Il27lfdYIwQZrK+1C56EugeopXi2b/GLalU71PGXeIIHUws7djpHAjkOj59F yNT8svwkajnSRzkoMwkATu3+eHkvSNhZTZKRYz6RgkovyMS8AOraqDmJCLqfni3l tEzrBUAlmtghAKUWzPpDsoeZ7I96z2zYgdJamSGMdYf81vbDUU202BejpF1gKMTx XM2nS2MS8PNaF7y2w7Nc9FYlo+vM2VaT9hoGbTTo2NjIdrpkyHwmpoI7oZ/n1/kN QF+cjkAu3+lUuMYw2vKvXSUmiuGIpXpwfKti6y7CwyMaYTeuHHgyCU2YVbIqgVNe c1g4fDtUHktAsAHIR56c =Joj1 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.