Reporting security bugs

Sebastian Dröge sebastian at
Sun Dec 21 09:33:05 PST 2014

On So, 2014-12-21 at 20:50 +0400, Shnatsel . wrote:
> Hello everyone!
> I have discovered a bug in GStreamer 1.2.x that may present a
> denial-of-service vulnerability. I'd like to report it to GStreamer
> developers, but bugzilla does not seem to have a "private bug" option,
> and I don't think it's wise to disclose it publicly at this time.
> What is the preferred way to report security bugs in GStreamer?


when reporting bugs on you have the option to
make it only visible to the GStreamer developers. This is a checkbox at
the very bottom, which only becomes visible if you click on the "Show
Advanced Fields" link at the top. Not very intuitive unfortunately...

Sebastian Dröge, Centricular Ltd ·
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the gstreamer-devel mailing list