On Fri, May 07, 2021 at 05:47:51PM -0700, SyzScope wrote: > This is SyzScope, a research project that aims to reveal high-risk > primitives from a low-risk bug.
Hello, this is pretty cool stuff. Continuing on 'executing' beyond the point when ASAN has given up has given some pretty cool results. I think the best way to get the most benefit out of this work is to prioritize requesting CVEs for these issues with the Google CNA. Having these additional details clearly visible to everybody using the CVE infrastructure would benefit not only Ubuntu but also all our friends in the other distributions. There's two Google CNAs registered with the CVE project: https://cve.mitre.org/cve/request_id.html android-cna-t...@google.com secur...@google.com I'll be honest, I don't know which CNA would be better; you may need to discuss the project with both in order to figure out how to best handle the work. Thanks
signature.asc
Description: PGP signature
-- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
