Reporting security bugs
Sebastian Dröge
sebastian at centricular.com
Sun Dec 21 09:33:05 PST 2014
On So, 2014-12-21 at 20:50 +0400, Shnatsel . wrote:
> Hello everyone!
>
> I have discovered a bug in GStreamer 1.2.x that may present a
> denial-of-service vulnerability. I'd like to report it to GStreamer
> developers, but bugzilla does not seem to have a "private bug" option,
> and I don't think it's wise to disclose it publicly at this time.
>
> What is the preferred way to report security bugs in GStreamer?
Hi,
when reporting bugs on http://bugzilla.gnome.org you have the option to
make it only visible to the GStreamer developers. This is a checkbox at
the very bottom, which only becomes visible if you click on the "Show
Advanced Fields" link at the top. Not very intuitive unfortunately...
--
Sebastian Dröge, Centricular Ltd · http://www.centricular.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freedesktop.org/archives/gstreamer-devel/attachments/20141221/f9247640/attachment.sig>
More information about the gstreamer-devel
mailing list