<div dir="ltr">Is that what would be preferred? I don't want to publicly disclose details of a vulnerability in case it's used to affect users' services. Private disclosure might be better?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 30 May 2017 at 10:06, Johnny Willemsen <span dir="ltr"><<a href="mailto:jwillemsen@remedy.nl" target="_blank">jwillemsen@remedy.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <p>Hi,<br>
    </p>
    You can always open a pull request at
    <a class="m_-1268935367258886796moz-txt-link-freetext" href="https://github.com/DOCGroup/ACE_TAO" target="_blank">https://github.com/DOCGroup/<wbr>ACE_TAO</a> with the proposed fixes for
    review.<br>
    <br>
    Best regards,<br>
    <pre class="m_-1268935367258886796moz-signature" cols="72">Johnny Willemsen
Remedy IT
Postbus 81 | 6930 AB Westervoort | The Netherlands
<a class="m_-1268935367258886796moz-txt-link-freetext" href="http://www.remedy.nl" target="_blank">http://www.remedy.nl</a>
</pre><div><div class="h5">
    <div class="m_-1268935367258886796moz-cite-prefix">On 05/30/2017 10:55 AM, Electric Worry
      wrote:<br>
    </div>
    </div></div><blockquote type="cite"><div><div class="h5">
      <div dir="ltr">
        <div>
          <div>
            <div>
              <div>
                <div>Hello,<br>
                  <br>
                </div>
                I've been doing some testing of TAO's resilience against
                malicious input and I think I've found a minor issue
                that might warrant some attention. It appears to only be
                a null pointer dereference, so is probably not
                exploitable, but it can cause a denial of service.<br>
                <br>
              </div>
              I've just been testing against the MessengerServer from
              the Dev Guide Examples, but I believe this issue would be
              applicable against any application that uses TAO in a
              similar way.<br>
              <br>
            </div>
            Rather than divulge details here, is there anyone I can
            discuss this with directly to ascertain whether this is an
            issue, and if so to allow for appropriate fixes to be
            applied?<br>
            <br>
          </div>
          Thanks.</div>
      </div>
      <br>
      <fieldset class="m_-1268935367258886796mimeAttachmentHeader"></fieldset>
      <br>
      </div></div><pre>______________________________<wbr>_________________
tao-bugs mailing list
<a class="m_-1268935367258886796moz-txt-link-abbreviated" href="mailto:tao-bugs@list.isis.vanderbilt.edu" target="_blank">tao-bugs@list.isis.vanderbilt.<wbr>edu</a>
<a class="m_-1268935367258886796moz-txt-link-freetext" href="http://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/tao-bugs" target="_blank">http://list.isis.vanderbilt.<wbr>edu/cgi-bin/mailman/listinfo/<wbr>tao-bugs</a></pre>
    </blockquote>
    <br>
  </div>

</blockquote></div><br></div>