|
|
Boost : |
From: Jeremy Murphy (jeremy.william.murphy_at_[hidden])
Date: 2024-04-13 09:52:21
Maybe the question I should be asking is, is there a private Boost mailing
list exactly for dealing with security issues before they're made public?
If so, I need to get on it!
On Sat, 13 Apr 2024, 7:41 pm Jeremy Murphy, <jeremy.william.murphy_at_[hidden]>
wrote:
> Not sure if you didn't read my email carefully or I didn't explain it
> well, but I don't have time to fix them, I'm asking for advice on how to
> balance requesting help from the community to fix them with not divulging
> the issues to the public.
> The least cautious course of action might be: open bug reports for all the
> security issues and explicitly mention them on this list.
> The more cautious course of action would be to have a private discussion
> with members of the community to resolve the issues without any public
> discussion.
> On that note, I guess I'll just start off cautious: if you have time to
> fix some bugs and have at least some standing in the community so that I
> know that you're not a bad actor, please contact me.
> Thanks, cheers.
> Jeremy
>
>
> On Sat, 13 Apr 2024, 5:47 pm Artyom Beilis via Boost, <
> boost_at_[hidden]> wrote:
>
>> Fix them now. Security issues are ones you fix immediately.
>> I assume the situation comes from some improper external files handling
>> that can lead to potential exploits.
>> If you can't try to work with projects that reported them on fixing.
>>
>> I had several urgent fixes, one in Boost.Locale due to improper UTF-8
>> handling. It was actually
>> taken very seriously and patched back to many distros.
>>
>> Artyom
>>
>>
>> On Sat, Apr 13, 2024 at 9:59 AM Jeremy Murphy via Boost <
>> boost_at_[hidden]> wrote:
>>
>> > What
>> > should I do?
>> >
>> >
>>
>> _______________________________________________
>> Unsubscribe & other changes:
>> http://lists.boost.org/mailman/listinfo.cgi/boost
>>
>
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk