-
Notifications
You must be signed in to change notification settings - Fork 50
/
Copy pathsecurity.html
123 lines (114 loc) · 5.08 KB
/
security.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<!DOCTYPE html>
<html lang="en">
<!-- HEAD -->
<head>
<meta charset="utf-8">
<title>Security | TCPDUMP & LIBPCAP</title>
<meta name="description" content="Web site of Tcpdump and Libpcap">
<link href="style.css" rel="stylesheet" type="text/css" media="screen">
<link href="images/T-32x32.png" rel="shortcut icon" type="image/png">
</head>
<!-- END OF HTML HEAD -->
<!-- BODY -->
<body>
<!-- TOP MENU -->
<div id="menu">
<ul>
<li><a href="index.html">Home</a></li>
<li class="current_page_item"><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="manpages/">Man Pages</a></li>
<li><a href="ci.html">CI</a></li>
<li><a href="linktypes.html">Link-Layer Header Types</a></li>
<li><a href="bpfexam/">BPF Exam</a></li>
<li><a href="related.html">See Also</a></li>
<li><a href="old_releases.html">Old Releases</a></li>
</ul>
</div>
<!-- END OF TOP MENU -->
<!-- PAGE HEADER -->
<div id="splash">
<br><img src="images/logo.png" alt="">
</div>
<div id="logo">
<hr>
</div>
<!-- END OF PAGE HEADER -->
<!-- PAGE CONTENTS -->
<div id="page">
<div class="post">
<h2 class="title">
CVE Numbering Authority
</h2>
<div class="entry">
<p>
The Tcpdump Group
<a class=away
href="https://www.cve.org/PartnerInformation/ListofPartners/partner/Tcpdump">
participates</a> in MITRE's CVE Program as a
<abbr title="CVE Numbering Authority">CNA</abbr> with the
scope limited to tcpdump
and libpcap vulnerabilities. Any involvement with
vulnerabilities in other software can be considered on
a case by case basis only if the software is closely
related to packet capture and analysis and if the case
does not belong to the scope of another CNA.
</p>
</div>
</div>
<div class="post">
<h2 class="title">
Security Contacts and Vulnerability Disclosure Policy
</h2>
<div class="entry">
<p>
All vulnerabilities <strong>must</strong> be
reported to The Tcpdump Group via
<a href="mailto:[email protected]">[email protected]</a>.
</p>
<p>
They will be disclosed to the
public at the next release of tcpdump.
</p>
<p>
As a volunteer run open source organization, The
Tcpdump Group can not promise to release within a set
period like 90 days.
</p>
<p>
The Tcpdump Group aims to release at least once a year.
This is a best effort commitment. We will attempt to
ship more often but this will depend upon
availability of volunteer time.
</p>
<p>
Each release will do its best to credit the
reporter with the identifying of the vulnerability.
Each reported issue will be given a CVE number at
the time of reporting. You can find a list of the most
recently processed CVEs <a href="public-cve-list.txt">here</a>.
</p>
<p>
Bug reports should include a sample pcap (or
pcapng) file that demonstrates the problem.
An effort will be made to keep the sample file
confidential until the bug has been fixed. Once
fixed, the sample file is expected to be released
publicly as part of a test case.
</p>
</div>
</div>
</div>
<!-- END OF PAGE CONTENTS -->
<!-- FOOTER -->
<div id="footer">
<p>
This web site is © 1999–2025 The Tcpdump Group
(<a href="https://github.com/the-tcpdump-group/tcpdump-htdocs/blob/master/README.md">more
information</a>).
</p>
</div>
<!-- END OF FOOTER -->
</body>
<!-- END OF HTML BODY -->
</html>