On Wed, 22 Apr 2020 10:58:33 -0400 Santiago Torres <[email protected]> said:
> On Wed, Apr 22, 2020 at 03:54:13PM +0100, Carsten Haitzler wrote: > > On Wed, 22 Apr 2020 11:02:46 +0200 Matthias Gerstner <[email protected]> > > said: > > > > > > fixed. :) > > Nice turnaround! :) > > > > # Security Vulnerability Process > > > > > > I'm posting these findings here publicly since the Enlightenment project > > > does not document any preferred vulnerability report procedure and does > > > not offer a means of coordinated disclosure. I asked on the > > > Enlightenment freenode IRC channel about the best way to report security > > > issues and I was pointed towards the mailing lists and the issue > > > tracker. > > > > > > From my point of view at least items a), b) and d) deserve a CVE > > > assignment due to the severity of the issues. Even if to my knowledge > > > the code in question wasn't yet part of an official release yet it might > > > help the community to identify risks in their systems. Please tell me > > > whether you want to assign CVEs on your end or whether I should do this. > > > > I'm curious, would it be worthwhile to ask for CVE's? I'm also curious > to know what's the target release for the fixes, so we can track these > in the Arch Linux side :) it's in new unreleased yet code in git master... the point is to not have any CVEs :) -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- Carsten Haitzler - [email protected] _______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
