Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <91b42b0c-9103-4ef3-a806-26e9de10e177@gmail.com>
Date: Tue, 28 Apr 2026 22:18:46 -0500
From: Jacob Bachmeyer <jcb62281@...il.com>
To: oss-security@...ts.openwall.com,
 MOHAMED AZIZ RAHMOUNI <mohamedaziz.rahmouni@...at.ucar.tn>,
 secalert@...hat.com, Dmitry@...skoy.name
Subject: Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2

On 4/28/26 17:03, MOHAMED AZIZ RAHMOUNI wrote:
> Hello,
>
> I am reporting a security vulnerability I discovered in traceroute 
> 2.1.2 during manual code review and dynamic fuzzing.
>
> [...]
>
> I am following a 90-day responsible disclosure policy. I intend to 
> publish details publicly on 2026-07-27 unless a patch is available 
> sooner, at which point I will coordinate the disclosure timeline with you.
>
> Please confirm receipt of this report.

Oops.  The oss-security mailing list is public.  If you want to do 
coordinated disclosure, you might want to avoid sending the initial 
report to a public mailing list.  :-)

It is very fortunate that, as Dmitry Butskoy indicated in his reply, 
your copy appears to have been tampered with and the official sources do 
not have this problem.


-- Jacob

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.