This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: DNS Resolver library testing

I need help from the GLIBC community. 
It takes a lot of time to analyze them and figure out what the issues are with the code.

I have already submitted one to the libc-alpha mailing list, and nobody has even reviewed the issue.

-----Original Message-----
From: Ángel González [] 
Sent: Friday, August 21, 2015 3:30 PM
To: Holliday, Robert
Subject: Re: DNS Resolver library testing

On 21/08/15 23:43, Holliday, Robert wrote:
> Is there a contact with the GLIBC library, that would be willing to 
> work with Codenomicon, to scan the DNS Resolver library, and report 
> the vulnerabilities to the GLIBC community, which would help get them fixed and make the DNS library used more secure?
> Please contact They have worked with many other 
> open source projects to make them less vulnerable. I am not able to 
> get the DNS library scanned by them, they will only work with members of the GLIBC team.
> Thanks.
If you already have the tool, and have already found

"many zero-day vulnerabilities" on it, why is the contact to codenomicon needed?

I mean, I welcome that it gets fuzzed and codenomicon offers that, but IMHO that should be *in addition* of reporting (and fixing) the vulnerabilities you already found, which should be step 1.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]