Date: Tue, 18 Nov 2014 23:37:20 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: RE: [security-vendor] Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Speaking of fuzzing so that clamav issue, was triggered by a file that existed in public since 2010 or so (at least that's what virustotal had for the first submission date). So you'd think based on what people use clamav for it would have been heavily fuzzed by now (scanning all sorts of random/malicious input) but I guess people don't report stuff upstream. Perhaps if we could get people to report crashes in stuff like this more reliably that would be a good start "your program crashed when I processed this file, here's a copy of the file, thanks" (assuming the file doesn't contain sensitive info of course). -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.