On Wed, Feb 19, 2014 at 08:58:49PM +0000, Harry Metcalfe wrote: > Hi Seth, > > There really isn't time for us to do that, in the context of an > inspection. It's a very light-touch assessment. > > When we find vulnerabilities we do also report those, after working > with the vendor. And they are more detailed. For example: > > https://security.dxw.com/advisories/moving-any-file-php-user-has-access-to-in-bp-group-documents-1-2-1/ > > Harry People behind plugins@xxxxxxxxxxxxx can help you with coordination. They can also disable plugins so that there won't be new installations before maintainer fixes issues. Note that security@ address should not be contacted when dealing with plugin issues. It is important to get vulnerabilities fixed in upstream codebase. I can also help you with communication, verification and such in my own time. --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/