Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Jul 2011 06:49:52 -0400
From: Dan Rosenberg <>
Cc: Jan Lieskovsky <>, "Steven M. Christey" <>, 
	Secunia Research <>
Subject: Re: Re: CVE Request -- libsndfile -- Integer overflow
 by processing certain PAF files

> In terms of ease of exploitation, this one has to be in the very difficult
> basket.

I agree, this would be difficult to exploit.

>> It's better to be safe than sorry.
> That's why I rushed out a new release. I do take this seriously, but
> I do not like to see the threat exaggerated beyond reason.

I didn't mean to imply we should be panicking and running for the
hills. Just that the assessment that this is *potentially* exploitable
for code execution is accurate and is most helpful to distributions
and users when gauging risk and determining when to release and apply


> Erik
> --
> ----------------------------------------------------------------------
> Erik de Castro Lopo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.