Date: Tue, 24 Feb 2015 12:35:07 -0800
From: Tavis Ormandy <taviso@...gle.com>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>,
 Assign a CVE Identifier <cve-assign@...re.org>, jb@...eolan.org
Subject: Re: Re: [videolan] older issues in libbluray

On Mon, Feb 23, 2015 at 7:47 AM, Jean-Baptiste Kempf <jb@...eolan.org> wrote:
>
> On 23 Feb, Kurt Seifried wrote :
> > Again my apologies for this mess. The good news is that all our current
> > embargoed flaws (none against VLC currently =) are being actively
> > handled (e.g. worked on in a current time frame) and moving forwards we
> > should hopefully be able to avoid issues like this.
>
> One libbluray issue was already fixed.
> The second one is not really fixable, since BD-J is actually executing
> java code from the outside.

Forgive my unfamiliarity with BluRay, but based on what you just said, it
seems like the solution is what was described in the report: just use a JSM?

> > Also one request (not just specific to VLC, but everyone with a
> > project): please have a security@ email address for your project or a
> > security web page that makes it obvious how to contact and report things
>
> We have a security email.
>
> With my kindest regards,
>
> --
> Jean-Baptiste Kempf
> http://www.jbkempf.com/ - +33 672 704 734
> Sent from my Electronic Device