[tinydtls-dev] Vulnerability report against Eclipse TinyDTLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[tinydtls-dev] Vulnerability report against Eclipse TinyDTLS

From: Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Aug 2021 14:45:53 -0400
Delivered-to: tinydtls-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/tinydtls-dev/>
List-help: <mailto:tinydtls-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/tinydtls-dev>, <mailto:tinydtls-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/tinydtls-dev>, <mailto:tinydtls-dev-request@eclipse.org?subject=unsubscribe>

Greetings Eclipse TinyDTLS committers.

There is an open vulnerability report registered against the project code. Note that the issue is currently marked confidential and so is only accessible by committers.

I need project committers to have a look at the report and determine if it correctly identifies a vulnerability. If yes, then you need to determine when the correct time is to assign a CVE and disclose the vulnerability. The Eclipse Foundation's practices regarding mitigation of vulnerabilities is captured in the handbook.

Thanks for your attention in this matter.

Wayne

Wayne Beaton

Director of Open Source Projects | Eclipse Foundation

Follow-Ups:
- Re: [tinydtls-dev] Vulnerability report against Eclipse TinyDTLS
  - From: Olaf Bergmann

Prev by Date: Re: [tinydtls-dev] There may be some null-dereference bugs in dtls.c
Next by Date: Re: [tinydtls-dev] Vulnerability report against Eclipse TinyDTLS
Previous by thread: [tinydtls-dev] There may be some null-dereference bugs in dtls.c
Next by thread: Re: [tinydtls-dev] Vulnerability report against Eclipse TinyDTLS
Index(es):
- Date
- Thread

Breadcrumbs