Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Apr 2017 10:43:50 +0800
From: redrain root <rootredrain@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2017-8291 ghostscript remote code execution

what a awkward??
I have discovered a part of my vulns about ghostscript last year and
exploited in fulldisclosure early!
and these vulns are part of mine I was going to discovered these in defcon
or other conference...WTF...
u guys are logo designer???

there are two demos last year
Evince Arbitrary Code Execution https://youtu.be/wzcrHXngfcM Attack Imagick
through Ghostscript https://youtu.be/tPGm_ANDyOw


Regards,
redrain



2017-04-28 19:37 GMT+08:00 David Black <dblack@...assian.com>:

> On Friday, 28 April 2017, Kurt H Maier <khm@...ops.net> wrote:
>
> > On Fri, Apr 28, 2017 at 01:50:04AM -0000, security@...assian.com
> > <javascript:;> wrote:
> >
> >
> > Why are you sending user-tracking urls to this list?
> >
> >
> Hi Kurt,
> We did not intend to send user tracking urls to this list. However, the
> method we used to send the email resulted in sendgrid rewriting the the
> links. We apologise regardless.
>
>
> --
> David.
>
>
> --
> David Black / Security Engineer.
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ