Tomas Hoger wrote:
On Fri, 1 Aug 2014 13:54:28 +0530 Niranjan wrote:
> My Name is Niranjan, I am QE Engineer with Red Hat Certificate
> Services team, I would like to try and see if i can be of any help to
> the team.
>
> I would like to work on the below bugs:
>
>
https://bugzilla.redhat.com/show_bug.cgi?id=884831
>
https://bugzilla.redhat.com/show_bug.cgi?id=869570
A help form anyone who is already familiar with the code base of a
specific affected component, or is familiar enough with it to be able
to test applied fix, is definitely welcome.
I am trying to ascertain if the package
is indeed vulnerable to CVE's mentioned
in the BZ, I will post my updates to the list.
Where i am currently:
Have installed pki-ca, pki-kra, pki-tks, pki-tps and configured to verify if
the CVE's are applicable. Currently there are some issues to access the TPS
admin interface, If this issue turns out to be a bug, then CVE's may not be
applicable (because to take advantage of the vulnerability one has to login to
tps admin interface.) , I have mailed package maintainer for further help in
this regard.
I will post the updates on this.
If any body else have any more pointers on this. Do let me know
Regards
Niranjan
--
Tomas Hoger / Red Hat Product Security
_______________________________________________
security-team mailing list
security-team(a)lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/security-team