On Sun, Aug 27, 2017 at 04:18:46PM -0700, Ben Pfaff wrote:
Thanks for reporting a number of bugs related to vulnerabilities in PSPP
lately. However, so far you have only reported these bugs downstream,
to Red Hat and SuSE. Please first report them to the project itself
directly, at [email protected] or via http://sv.gnu.org/p/pspp, or if
you believe that they are serious vulnerabilities then privately to me
or to John Darrington <[email protected]>. This will allow
the bugs to be fixed more quickly since the PSPP developers find out
about them immediately, not just from downstream packagers.
Also, I think that describing these bugs as "remote denial of service" vectors,
is a little exaggerated. As I see it, the worst that can happen is that cause
is that PSPP will crash when presented with specially crafted files.
But thanks for identifying and reporting these issues anyway.
J'
--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
signature.asc
Description: Digital signature
_______________________________________________ pspp-dev mailing list [email protected] https://lists.gnu.org/mailman/listinfo/pspp-dev
