Hi, On Wed, Oct 22, 2025 at 06:06:21PM +0000, Joshua Rogers wrote: > By the way, as mentioned, this was found with the ZeroPath tool. I was > wondering if it would be of interest to send the raw results of this scanner > to somebody that could allow them to review the findings without me manually > triaging? I have done this with curl > (https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyzers/) and it was > quite succesful (~20% false positive rate). > > If this is of interest, please let me know where to send them. The output is > just markdown, and it includes potential security vulnerabilities. If not, I > will (slowly) continue triaging myself.
This is of interest. I'm not really sure where to send this - security bugs go to [email protected], but if it's not security, we should not spam this list. Non-security things could go to GH issues, but *if* there is security relevant things in between, we might want to keep the lid on it, for the moment... So you could send everything my way for a start and I discuss with my co-developers how to do this in the future. I'll then try to triage this in a timely fashion and forward to GH, security@, or just drop :-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
