Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Help with reporting

from [Andy Lindeman] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Help with reporting
Date: Wed, 30 Nov 2005 10:22:49 -0600 
It would probably be the most socially responsible to report the bug
to security@php.net first and allow them to assist in fixing it and
putting out an advisory (they would almost certainly be amenable to
crediting you with finding it, if this is important to you)

As a quote from http://bugs.php.net/report.php:

"If you feel this bug concerns a security issue, eg a buffer overflow,
weak encryption, etc, then email security@php.net who will assess the
situation."

--A

On 11/30/05, Dr HenDre <drhendre@gmail.com> wrote:

Hi list,

I've been following this list for quite a while now and finally i can
contribute something.
I think (i'm pretty sure) I've found a security bug in php, though I
not at all familiar with reporting bugs to the vendor and to the list.
So I'm looking for someone who can lead me the way.

Thanks,
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Help with reporting, Dr HenDre
Next by Date:  Re: [Full-disclosure] Google Talk cleartext credentials in processmemory, Kurt Grutzmacher
Previous by Thread:  [Full-disclosure] Help with reporting, Dr HenDre
Next by Thread:  Re: [Full-disclosure] Help with reporting, InfoSecBOFH
Indexes:  [Date] [Thread] [Top] [All Lists]