[sr-dev] [tracker] Assignee added: Crash if t_release() is executed after t_relay_to(), when this last returns -1

Henning Westerholt hw at kamailio.org
Thu Dec 1 12:44:27 CET 2011


On Thursday 01 December 2011, Daniel-Constantin Mierla wrote:
> [..]
> > Anyone objecting to implementing a process for handling security
> > incidents?
> 
> I have no objection in this regard, any contribution/managing process
> that will make usage of the project easier/more attractive for various
> people is welcome. The question will be who will take the work (e.g.,
> reviewing, categorization, announcements to devels and community, ...).
> Personally, I try not to make a difference between bugs, but just try to
> solve asap, with priority on how common use case is the situation rising
> the bug.
> 
> Another question is categorizing 'security bugs' - in my understanding I
> consider such bugs when one can gain access to server or
> steal/compromise data from/on the server. Chasing situations are not in
> this category (IMO).

Hi Daniel,

IMHO also certain denial of service attacks belong to the "security bug"
class. If somebody can easily bring my service down because of e.g. a crash
during the processing of misformatted (network) input then the availability of
the service can be easily compromised.

Best regards,

Henning


