Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID:
 <YT2PR01MB9827A6400BB63C5452D163CFE8202@YT2PR01MB9827.CANPRD01.PROD.OUTLOOK.COM>
Date: Thu, 7 Mar 2024 22:11:04 +0000
From: Katherine Mcmillan <kmcmi046@...tawa.ca>
To: "solar@...nwall.com" <solar@...nwall.com>
CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: help wanted - bring more issues in here

Hello Alexander,

I would be interested in helping with this.  Recently, I have brought a security flaw in the Wacom One driver to different communities' attention (as well as how to overcome it with 'Linux for the Wacom One' substitutions), the AI/LLM ASCII vulnerability here (ArtPrompt): https://medium.com/predict/hacking-chatgpt-the-ascii-art-jailbreak-unveiled-9efb0648cd0f, and the firmware vulnerability here (LogoFail, back in December): https://www.scmagazine.com/news/logofail-vulnerabilities-may-affect-95-of-computers-researchers-say.

I am a big fan of creative exploits and solutions.  I'm more deeply involved with *BSD than Linux.

Thank you for considering,
Katie
________________________________
From: Solar Designer <solar@...nwall.com>
Sent: 07 March 2024 16:56
To: oss-security@...ts.openwall.com <oss-security@...ts.openwall.com>
Subject: [oss-security] help wanted - bring more issues in here

Attention : courriel externe | external email

Hi,

We have this contributing back task not requiring (linux-)distros
membership:

https://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back

Administrative tasks mostly unrelated to (linux-)distros lists (but
relevant to the wider community)
[...]
3. Monitor for Open Source security issues/topics published elsewhere,
identify which of these would fit, and bring them to oss-security -
primary: Oracle Solaris, backup: vacant

Alan Coopersmith of Oracle Solaris does a good job at this task.  Thank
you, Alan!  However, this task needs more than one person's involvement.
I'd appreciate it if others volunteer for it as well - both a second
distro (as you can see, that spot is now vacant) and anyone else who's
capable and willing to help.

I'd also appreciate volunteers for just the third sub-task.  I happen to
notice many "Open Source security issues/topics published elsewhere" and
"identify which of these would fit", but I rarely have time to write
them up for posting to oss-security.  So if some of you volunteer for
producing proper self-contained oss-security posting out of references
to issues published elsewhere, I could simply be forwarding the links
and raw material to you, for you to process and post.  In some cases,
this can be as simple as extracting a posting from another mailing
list's archive, with proper attribution and including a link too.  In
other cases, it's trickier.  I'll provide initial guidance.  Anyone?

I guess many others in here also often come across more issues suitable
for oss-security, and also don't have time.  So assuming that enough
people volunteer for the third "process and post" sub-task, please feel
free to also volunteer for the first two sub-tasks.

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.