[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Help with reporting



Or you could just report the bug to the list...

Kind regards,

Jeroen van Meeuwen

--
kanarip


> It would probably be the most socially responsible to report the bug
> to security@xxxxxxx first and allow them to assist in fixing it and
> putting out an advisory (they would almost certainly be amenable to
> crediting you with finding it, if this is important to you)
> 
> As a quote from http://bugs.php.net/report.php:
> 
> "If you feel this bug concerns a security issue, eg a buffer overflow,
> weak encryption, etc, then email security@xxxxxxx who will assess the
> situation."
> 
> --A
> 
> On 11/30/05, Dr HenDre <drhendre@xxxxxxxxx> wrote:
> > Hi list,
> >
> > I've been following this list for quite a while now and finally i can
> > contribute something.
> > I think (i'm pretty sure) I've found a security bug in php, though I
> > not at all familiar with reporting bugs to the vendor and to the list.
> > So I'm looking for someone who can lead me the way.
> >
> > Thanks,

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/