Date: Thu, 3 Nov 2022 18:32:22 +0200 From: Nicola Tuveri <nic.tuv@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) I can also add that at least this member of the OpenSSL Technical Committee is following the discussion, and I believe I am not the only one. The feedback shared here on oss-security is read and carefully considered, and I know it will be discussed within OTC to continue the ongoing process of improving the OpenSSL project and its procedures. I totally concur with Tavis Ormandy: > this is active prolific opensource security researchers discussing their opensource security work on the opensource security mailing list :) Personally, I'd like to thank you all for the feedback so far, as it is in itself a contribution to the project, even when it is harsh and reminds us of our mistakes. As long as it is kept polite and constructive, as it has been so far here, all feedback is very welcome and valuable. Cheers, Nicola Tuveri
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.