Hello Piotr,

On 05.11.20 14:00, Piotr Tworek wrote:
> I've recently stumbled upon a use-after-free bug in one of the Genode
> core base classes. I think I have a pretty good understanding of the
> problem and would like to file a bug report with my findings. Given the
> potential security implications of UAF type bugs I'm not sure what is
> the best course of action here. Should I report this using github issue
> tracker which AFAIU will result in the report being public? Or is there
> some other way to report bugs like this?

I greatly appreciate your sense of responsibility. In cases like this, when the reach of the problem is uncertain, please let us first discuss the issue privately by writing to '[email protected]'. All developers at Genode Labs can follow and participate in the discussion, and contribute to the assessment of risk and the further coordination.

Best regards
Norman

--
Dr.-Ing. Norman Feske
Genode Labs

https://www.genode-labs.com · https://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Registered office: Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth

_______________________________________________
Genode users mailing list
[email protected]
https://lists.genode.org/listinfo/users
