oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Thu, 3 Nov 2022 18:32:22 +0200
From: Nicola Tuveri <nic.tuv@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: OpenSSL X.509 Email Address 4-byte Buffer
 Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)

I can also add that at least this member of the OpenSSL Technical
Committee is following the discussion, and I believe I am not the only
one.

The feedback shared here on oss-security is read and carefully
considered, and I know it will be discussed within OTC to continue the
ongoing process of improving the OpenSSL project and its procedures.

I totally concur with Tavis Ormandy:
> this is active prolific opensource security researchers discussing their opensource security work on the opensource security mailing list :)

Personally, I'd like to thank you all for the feedback so far, as it
is in itself a contribution to the project, even when it is harsh and
reminds us of our mistakes.
As long as it is kept polite and constructive, as it has been so far
here, all feedback is very welcome and valuable.

Cheers,

Nicola Tuveri

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.