On Wed, Apr 22, 2020 at 03:54:13PM +0100, Carsten Haitzler wrote: > On Wed, 22 Apr 2020 11:02:46 +0200 Matthias Gerstner <[email protected]> said: > > > fixed. :)
Nice turnaround! :) > > # Security Vulnerability Process > > > > I'm posting these findings here publicly since the Enlightenment project > > does not document any preferred vulnerability report procedure and does > > not offer a means of coordinated disclosure. I asked on the > > Enlightenment freenode IRC channel about the best way to report security > > issues and I was pointed towards the mailing lists and the issue > > tracker. > > > > From my point of view at least items a), b) and d) deserve a CVE > > assignment due to the severity of the issues. Even if to my knowledge > > the code in question wasn't yet part of an official release yet it might > > help the community to identify risks in their systems. Please tell me > > whether you want to assign CVEs on your end or whether I should do this. > > I'm curious, would it be worthwhile to ask for CVE's? I'm also curious to know what's the target release for the fixes, so we can track these in the Arch Linux side :) Thank you! -Santiago
signature.asc
Description: PGP signature
_______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
