[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Calysto v1.5 reports on openldap_v2.4.4alpha



Kurt Zeilenga wrote:

> That said, as I noted above, I might be find one or two cases more
> interesting if they were pulled from the weeds.  If you have some urgent
> need to have one or two examined soon, I suggest you do the pulling.

Also, since discovering potential bugs in an automated manner does not
allow to directly figure out their impact, posting them to a public list
could either

1) cause security issues in case of real, yet undiscovered
vulnerabilities.  In this case, publicity should occur only __after__
the issue has been fixed and the fix released.

2) generate confusion in case of false positives.

For this purpose, the ITS allows to mark submissions as PRIVATE.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------