oss-sec mailing list archives
Re: [videolan] [oss-security] older issues in libbluray
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 23 Feb 2015 08:40:26 -0700
So the good news/bad news is I'm finished cleaning out about 20 older bugs that were embargoed and not properly handled (mostly due to them stalling and then being forgotten I guess, some were from 6 years ago, well before I even worked for Red Hat). Again my apologies for this mess.

The good news is that all our current embargoed flaws (none against VLC currently =) are being actively handled (e.g. worked on in a current time frame) and moving forwards we should hopefully be able to avoid issues like this.

Also one request (not just specific to VLC, but everyone with a project): please have a security@ email address for your project or a security web page that makes it obvious how to contact and report things privately, this is a common problem and easily solved (and will make it much easier for people to report issues). I just recently found myself emailing random security@ addresses at other projects to see if they bounce or not. I still have no idea if the projects received my security report (no bounce so here's hoping!).

On 23/02/15 01:52 AM, Jean-Baptiste Kempf wrote:
> We never were contacted. This is not really cool.
>
> On 22 Feb, Kurt Seifried wrote:
>> With apologies, I tracked down the original report and added it to our BZs. I was also under the impression VideoLan had been contacted but just to ensure this is the case adding them to the CC.
>>
>> On 22/02/15 11:43 AM, Moritz Mühlenhoff wrote:
>>> On Fri, Feb 06, 2015 at 04:21:20PM -0700, Kurt Seifried wrote:
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=959434
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=959433
>>>> these may warrant a cve
>>>
>>> Have these been reported to libbluray upstream? The Bugzilla entries are rather scarce on details.
>>>
>>> Cheers,
>>> Moritz
>>
>> --
>> Kurt Seifried -- Red Hat -- Product Security -- Cloud
>> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993