[Fwd: Re: Any guidelines for security related bug reports?]

[Andrey Romanov]

Hello Steve, I've just seen, that last Friday the new version of OpenSSL has been released, which fixes this bug. Remains a small memory leak, however. So please discard my bug report. Best regards, Andrey -------- Messaggio Originale -------- Oggetto: Re: Any guidelines for security related bug reports? Data: Tue, 03 Oct 2006 19:09:17 +0200 Da: Andrey Romanov <[EMAIL PROTECTED]> A: openssl-dev@openssl.org Referenze: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Good evening Steve, Ok, I've emailed the report to your private mail address taken from your home page. Looking forward to your feedback. Andrey. Dr. Stephen Henson ha scritto: On Tue, Oct 03, 2006, Andrey Romanov wrote: Hello here! I think, I have found a pretty significant security-related bug in OpenSSL library. What are the guidelines for reporting them? Should I post it directly on the mailing list? Or to provide the info to maintainer first? These can be passed to a member of the dev team in the first instance, me for example. Then after any issue has been analysed we'll get back to you. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]