Re: [tinydtls-dev] Vulnerability report against Eclipse TinyDTLS
Hi Wayne,
On 2021-08-16, Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> There is an open vulnerability report registered against the project
> code. Note that the issue is currently marked confidential and so is
> only accessible by committers.
Thanks for pointing this out. At a quick glance, this is one of the
issues raised in the GitHub issue tracker as well (and addressed through
PR). So much for confidentiality.
> I need project committers to have a look at the report and determine
> if it correctly identifies a vulnerability. If yes, then you need to
> determine when the correct time is to assign a CVE and disclose the
> vulnerability. The Eclipse Foundation's practices regarding mitigation
> of vulnerabilities are captured in the handbook.
Yes, will do. Currently I am on vacation and will handle it after my
return.
Regards
Olaf