Date: Sat, 25 Jun 2016 08:34:37 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com, fulldisclosure@...lists.org
Subject: Re: libical 0.47 SEGV on unknown address

On 06/24/16 06:54 AM, Brandon Perry wrote:
> I am posting this to Full Disclosure/OSS instead of reporting it because I have
> opened a handful of libical bugs in the Mozilla bug tracker, alerted
> security@...illa.org <mailto:security@...illa.org>, and worked to show how and
> where to reproduce the bugs in Thunderbird, but Mozilla hasn’t shown any care at
> all about the bugs. Perhaps if I give a sample to the community of the bugs in
> the bug reports, Mozilla will take the bug reports more seriously. This bug
> attached had not been reported yet.

Did you report them to libical upstream? http://libical.github.io/libical/

> My roommate mentioned Thunderbird being a second-class citizen in the Mozilla
> world, so if this is the case, this should be made explicit in regards to bug
> bounty expectations.

While Thunderbird is still a beloved child of Mozilla, it's been told it's
time to move out of its parents' house and find its own sources of
income/support:

https://groups.google.com/d/msg/mozilla.governance/kAyVlhfEcXg/Eqyx1X62BQAJ
https://blog.mozilla.org/thunderbird/2015/12/thunderbird-active-daily-inquiries-surpass-10-million/

-- 
-Alan Coopersmith- alan.coopersmith@...cle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc