Reporting bugs

Mark Doliner mark at kingant.net
Sun Jan 12 17:36:14 EST 2014


Hi Matt. We're finally working on putting together the 2.10.8 release
which will include the fix for this. Just want to share some
information to keep you in the loop--please let us know if you have
suggestions or objections. We plan to request a CVE for this from our
contact at Red Hat sometime in the next three days. We'll set an
embargo date of probably Jan 23. We'll inform various Linux
distributions and provide them a patch on a private mailing list and
request that they not disclose anything publicly until after the
embargo date.

Questions for you:
- Are you ok with us crediting you (in our ChangeLog, vulnerability
posting at https://pidgin.im/news/security/, and in our request for
CVE numbers) for finding this problem?
- If so, how should we credit you? "Discovered by Matt Jones"?
"Discovered by Volvent"? "Discovered by Matt Jones, Volvent"?

Thanks,
Mark


More information about the security mailing list