Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 25 Jun 2016 10:41:16 -0500
From: Brandon Perry <>
Subject: Re: libical 0.47 SEGV on unknown address

> On Jun 25, 2016, at 10:34 AM, Alan Coopersmith <> wrote:
> On 06/24/16 06:54 AM, Brandon Perry wrote:
>> I am posting this to Full Disclosure/OSS instead of reporting it because I have
>> opened a handful of libical bugs in the Mozilla bug tracker, alerted
>> <>, and worked to show how and
>> where to reproduce the bugs in Thunderbird, but Mozilla hasn’t shown any care at
>> all about the bugs. Perhaps if I give a sample to the community of the bugs in
>> the bug reports, Mozilla will take the bug reports more seriously. This bug
>> attached had not been reported yet.
> Did you report them to libcial upstream? <>

I had initially asked for contact information regarding reporting potentially sensitive security test cases, but after a couple of days, I decided to look into another product that I figured would have more visibility and more power to get things fixed. <>
>> My roommate mentioned Thunderbird being a second-class citizen in the Mozilla
>> world, so if this is the case, this should be made explicit in regards to bug
>> bounty expectations.
> While Thunderbird is still a beloved child of Mozilla, it's been told it's time
> to move out of its parents house and find its own sources of income/support:
> --
> 	-Alan Coopersmith-    
> 	 Oracle Solaris Engineering -

Content of type "text/html" skipped

Download attachment "signature.asc" of type "application/pgp-signature" (843 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ