Hi Norman, I've sent an email with a proposed patch to [email protected].
/ptw > Hello Piotr, > > On 05.11.20 14:00, Piotr Tworek wrote: > > I've recently stumbled upon a use-after-free bug in one of the > > Genode > > core base classes. I think I have a pretty good understanding of > > the > > problem and would like to fill a bug report with my findings. Given > > the > > potential security implications of UAF type bugs I'm not sure what > > it > > the best course of action here. Should I report this using github > > issue > > tracker which AFAIU will result in the report being public? Or is > > there > > some other way to report bugs like this? > > I greatly appreciate your sense of responsibility. > > In cases like this, when the reach of the problem is uncertain, > please > let us first discuss the issue privately by writing to > '[email protected]'. > > All developers at Genode Labs can follow and participate in the > discussion, and contribute to the assessment of risk and the further > coordination. > > Best regards > Norman > _______________________________________________ Genode users mailing list [email protected] https://lists.genode.org/listinfo/users
