oss-sec mailing list archives
Re: libical 0.47 SEGV on unknown address
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Sat, 25 Jun 2016 08:34:37 -0700
On 06/24/16 06:54 AM, Brandon Perry wrote:
I am posting this to Full Disclosure/OSS instead of reporting it because I have opened a handful of libical bugs in the Mozilla bug tracker, alerted security () mozilla org <mailto:security () mozilla org>, and worked to show how and where to reproduce the bugs in Thunderbird, but Mozilla hasn’t shown any care at all about the bugs. Perhaps if I give a sample to the community of the bugs in the bug reports, Mozilla will take the bug reports more seriously. This bug attached had not been reported yet.
Did you report them to libcial upstream? http://libical.github.io/libical/
My roommate mentioned Thunderbird being a second-class citizen in the Mozilla world, so if this is the case, this should be made explicit in regards to bug bounty expectations.
While Thunderbird is still a beloved child of Mozilla, it's been told it's time to move out of its parents house and find its own sources of income/support: https://groups.google.com/d/msg/mozilla.governance/kAyVlhfEcXg/Eqyx1X62BQAJ https://blog.mozilla.org/thunderbird/2015/12/thunderbird-active-daily-inquiries-surpass-10-million/ -- -Alan Coopersmith- alan.coopersmith () oracle com Oracle Solaris Engineering - http://blogs.oracle.com/alanc
Current thread:
- libical 0.47 SEGV on unknown address Brandon Perry (Jun 24)
- Re: libical 0.47 SEGV on unknown address cve-assign (Jun 25)
- Re: libical 0.47 SEGV on unknown address Alan Coopersmith (Jun 25)
- Re: libical 0.47 SEGV on unknown address Brandon Perry (Jun 25)