The security issue is not so critical (it's in a seldom-used protocol
family that isn't used unless it's explicitly written out in the config
file), and to the best of my knowledge (I searched for it on google),
I'm the only one who seems to be using it. Should I disclose it here?
Also, I'm just an observer, I don't have write access to the website.
Peter
On 7/20/21 1:48 AM, Lukas Tribus wrote:
Hello,
On Tue, 20 Jul 2021 at 08:13, Peter Jin <[email protected]> wrote:
2. There is a stack buffer overflow found in one of the files. Not
disclosing it here because this email will end up on the public mailing
list. If there is a "security" email address I could disclose it to,
what is it?
It's [email protected], it's somehow well hidden in doc/intro.txt
(that is the *starter* guide).
I would definitely suggest putting it on the website haproxy.org, and
in the repository move it to a different file, like MAINTAINERS.
Lukas
