oss-sec mailing list archives

Re: help wanted - bring more issues in here


From: Katherine Mcmillan <kmcmi046 () uottawa ca>
Date: Thu, 7 Mar 2024 22:11:04 +0000

Hello Alexander,

I would be interested in helping with this.  Recently, I have brought a security flaw in the Wacom One driver to different communities' attention (as well as how to overcome it with 'Linux for the Wacom One' substitutions), the AI/LLM ASCII vulnerability here (ArtPrompt): https://medium.com/predict/hacking-chatgpt-the-ascii-art-jailbreak-unveiled-9efb0648cd0f, and the firmware vulnerability here (LogoFail, back in December): https://www.scmagazine.com/news/logofail-vulnerabilities-may-affect-95-of-computers-researchers-say.

I am a big fan of creative exploits and solutions.  I'm more deeply involved with *BSD than Linux.

Thank you for considering,
Katie
________________________________
From: Solar Designer <solar () openwall com>
Sent: 07 March 2024 16:56
To: oss-security () lists openwall com <oss-security () lists openwall com>
Subject: [oss-security] help wanted - bring more issues in here

Hi,

We have this contributing back task not requiring (linux-)distros
membership:

https://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back

Administrative tasks mostly unrelated to (linux-)distros lists (but
relevant to the wider community)
[...]
3. Monitor for Open Source security issues/topics published elsewhere,
identify which of these would fit, and bring them to oss-security -
primary: Oracle Solaris, backup: vacant

Alan Coopersmith of Oracle Solaris does a good job at this task.  Thank
you, Alan!  However, this task needs more than one person's involvement.
I'd appreciate it if others volunteer for it as well - both a second
distro (as you can see, that spot is now vacant) and anyone else who's
capable and willing to help.

I'd also appreciate volunteers for just the third sub-task.  I happen to
notice many "Open Source security issues/topics published elsewhere" and
"identify which of these would fit", but I rarely have time to write
them up for posting to oss-security.  So if some of you volunteer for
producing proper self-contained oss-security postings out of references
to issues published elsewhere, I could simply be forwarding the links
and raw material to you, for you to process and post.  In some cases,
this can be as simple as extracting a posting from another mailing
list's archive, with proper attribution and including a link too.  In
other cases, it's trickier.  I'll provide initial guidance.  Anyone?

I guess many others in here also often come across more issues suitable
for oss-security, and also don't have time.  So assuming that enough
people volunteer for the third "process and post" sub-task, please feel
free to also volunteer for the first two sub-tasks.

Thanks,

Alexander
