Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

About security issues #603

Open
the-Chain-Warden-thresh opened this issue Mar 15, 2024 · 2 comments
Open

About security issues #603

the-Chain-Warden-thresh opened this issue Mar 15, 2024 · 2 comments

Comments

@the-Chain-Warden-thresh
Copy link

According to SECURITY.md, suspected security vulnerabilities can be discussed via nexmon@seemoo.de. I've found some suspected security vulnerabilities, and send email about them several month ago. Unfortunately I haven't received any reply yet, is there a new email address to handle suspected security vulnerabilities? Or I just need to wait a little bit longer for the reply.
@jlinktu
Copy link
Member

jlinktu commented Mar 15, 2024

If you are referring to tcpdump and boringssl, then we received your mail. Simply forgot to answer. Thank you for making us aware of this, at some point we'll update those.

@the-Chain-Warden-thresh
Copy link
Author

If you are referring to tcpdump and boringssl, then we received your mail. Simply forgot to answer. Thank you for making us aware of this, at some point we'll update those.

Thank you for your confirmation! By the way, wireshark in this repo is also vulnerable to some security issue, and my merge request was accepted by wireshark. I believe it's necessary to update wireshark together with tcpdump and boringssl.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jlinktu @the-Chain-Warden-thresh