On 11/29/11 9:28 PM, Olle E. Johansson wrote:
29 nov 2011 kl. 18:57 skrev sip-router:
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
A user has added themself to the list of users assigned to this task.
FS#184 - Crash if t_release() is executed after t_relay_to(), when this last
returns -1
User who did this - Iñaki Baz Castillo (ibc)
http://sip-router.org/tracker/index.php?do=details&task_id=184
Now this was caused by bad configuraiton, but if we have had or will have
crashes based on incoming MI, RPC or SIP messages, we should have a routing for
how to handle security fixes in Kamailio. When evaluating open source projects
I always check the security procedures.
Anyone interested in assisting in writing up a document about this we can
publish on the web site and try to follow if we get such an issue? I think we
can happily steal from other projects, so it should not be hard work.
Anyone objecting to implementing a process for handling security incidents?
I have no objection in this regard, any contribution/managing process
that will make usage of the project easier/more attractive for various
people is welcome. The question will be who will take the work (e.g.,
reviewing, categorization, announcements to devels and community, ...).
Personally, I try not to make a difference between bugs, but just try to
solve asap, with priority on how common use case is the situation rising
the bug.
Another question is categorizing 'security bugs' - in my understanding I
consider such bugs when one can gain access to server or
steal/compromise data from/on the server. Chasing situations are not in
this category (IMO).
Cheers
--
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda
_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
