Kurt Zeilenga wrote:
That said, as I noted above, I might be find one or two cases more interesting if they were pulled from the weeds. If you have some urgent need to have one or two examined soon, I suggest you do the pulling.
Also, since discovering potential bugs in an automated manner does not allow to directly figure out their impact, posting them to a public list could either
1) cause security issues in case of real, yet undiscovered vulnerabilities. In this case, publicity should occur only __after__ the issue has been fixed and the fix released.
2) generate confusion in case of false positives.
For this purpose, the ITS allows to mark submissions as PRIVATE.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------