Reporting security bugs
sebastian at centricular.com
Sun Dec 21 09:33:05 PST 2014
On So, 2014-12-21 at 20:50 +0400, Shnatsel . wrote:
> Hello everyone!
> I have discovered a bug in GStreamer 1.2.x that may present a
> denial-of-service vulnerability. I'd like to report it to GStreamer
> developers, but bugzilla does not seem to have a "private bug" option,
> and I don't think it's wise to disclose it publicly at this time.
> What is the preferred way to report security bugs in GStreamer?
when reporting bugs on http://bugzilla.gnome.org you have the option to
make it only visible to the GStreamer developers. This is a checkbox at
the very bottom, which only becomes visible if you click on the "Show
Advanced Fields" link at the top. Not very intuitive unfortunately...
Sebastian Dröge, Centricular Ltd · http://www.centricular.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 949 bytes
Desc: This is a digitally signed message part
More information about the gstreamer-devel