oss-sec mailing list archives
Re: MaraDNS 1.4.06 and 1.3.07.11 released
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 31 Jan 2011 12:00:54 +0100
Hi Sam!

On Sat, 29 Jan 2011 22:21:08 -0700 Sam Trenholme wrote:

> I would like to thank Mr. Witold Baryluk for pointing out this issue, taking the time to backtrace the bug, and for bringing it to my attention by posting to the MaraDNS mailing list. However, I need to let him know that making this public by filing a public Debian bug without first trying to contact me is not the appropriate way to handle a security problem with MaraDNS. The appropriate way to do so is via private email. My email address is here: http://samiam.org/mailme.php

I think it may be a good idea to have this preferred way of receiving security reports for MaraDNS documented on the project web site in a way that does not make it hard to find.

I took a quick look at the maradns.org web to see what contact info I can find as someone who may want to report a security flaw, but does not have any closer relationship with the project's upstream or community. The main page suggests using the mailing list for bug reports. There is the contact.html page that does document what to do when reporting a security issue, but the page does not seem to be linked from other pages (I noticed it thanks to the web site copy bundled in the maradns source tarball). There's a link from sponsors.html, but that page is no longer linked from the site menu.

So while the info is there, I don't see an easy way to find it by following links from the main page. Maybe that's something you may want to change.

Just my 2c, HTH.

--
Tomas Hoger / Red Hat Security Response Team