Date: Tue, 24 Feb 2015 22:03:37 +0100 From: Jean-Baptiste Kempf <jb@...eolan.org> To: Tavis Ormandy <taviso@...gle.com> Cc: oss-security@...ts.openwall.com, Kurt Seifried <kseifried@...hat.com>, Assign a CVE Identifier <cve-assign@...re.org> Subject: Re: Re: [videolan] older issues in libbluray On 24 Feb, Tavis Ormandy wrote : > On Mon, Feb 23, 2015 at 7:47 AM, Jean-Baptiste Kempf <jb@...eolan.org> wrote: > > > > On 23 Feb, Kurt Seifried wrote : > > > Again my apologies for this mess. The good news is that all our current > > > embargoed flaws (none against VLC currently =) are being actively > > > handled (e.g. worked on in a current time frame) and moving forwards we > > > should hopefully be able to avoid issues like this. > > > > One libbluray issue was already fixed. > > The second one is not really fixable, since BD-J is actually executing > > java code from the outside. > > Forgive my unfamiliarity with BluRay, but based on what you just said, > it seems like the solution is what was described in the report: just > use a JSM? I don't see the JSM mentioned in the bugreport. -- Jean-Baptiste Kempf http://www.jbkempf.com/ - +33 672 704 734 Sent from my Electronic Device
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ