From owner-freebsd-security@FreeBSD.ORG Thu Sep 29 12:12:28 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B759D16A41F for ; Thu, 29 Sep 2005 12:12:28 +0000 (GMT) (envelope-from arne_woerner@yahoo.com) Received: from web30315.mail.mud.yahoo.com (web30315.mail.mud.yahoo.com [68.142.201.233]) by mx1.FreeBSD.org (Postfix) with SMTP id 41F0443D4C for ; Thu, 29 Sep 2005 12:12:28 +0000 (GMT) (envelope-from arne_woerner@yahoo.com) Received: (qmail 15621 invoked by uid 60001); 29 Sep 2005 12:12:27 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=j8cpxdoLPnt/5VwYuXsVF9MCfJxRjxZye5nPzju0ZnPnutjTPCW82GwhnC318wJGhjczHSx1yK21dQ0h/4DjnKPzs7Mg9Et0UuU9m3fSH8B7VkpaaZ1mcmlOeXbyC2Fcuf4PkduZAIHlIZYCa0yVO0C3o5AWLK6q7FTX2Te6UKo= ; Message-ID: <20050929121227.15619.qmail@web30315.mail.mud.yahoo.com> Received: from [213.54.67.248] by web30315.mail.mud.yahoo.com via HTTP; Thu, 29 Sep 2005 05:12:27 PDT Date: Thu, 29 Sep 2005 05:12:27 -0700 (PDT) From: Arne "Wörner" To: Juergen Lock In-Reply-To: <200509282145.j8SLjuR0092873@saturn.kn-bremen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-security@freebsd.org Subject: Re: New FreeBSD Security Officer X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2005 12:12:28 -0000 --- Juergen Lock wrote: > Btw, should one expect a confirmation email when emailing > security-officer@FreeBSD.org about a (possibly) new hole? I'm > wondering if two mails i sent got lost somehow... > On http://www.freebsd.org./security/ I found the following: "All FreeBSD Security issues should be reported directly to the Security Officer Team (mailto:security@FreeBSD.org) personally or otherwise to the Security Officer (mailto:security-officer@FreeBSD.org). All reports should at least contain: A description of the vulnerability; What versions of FreeBSD seem to be affected if possible; Any plausible workaround; And example code if possible. After this information has been reported the Security Officer or a Security Team delegate will get back with you." This clearly says, that you contacted the right person, and that somebody should "get back with you"... But it does not say when... Maybe in a "timely manner"? :-)) I say, have u tried both email addresses (team and the SecOff himself)? I say, when did you send those two emails? -Arne __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com