[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FD] [oss-security] libical 0.47 SEGV on unknown address
- To: oss-security@xxxxxxxxxxxxxxxxxx, fulldisclosure@xxxxxxxxxxxx
- Subject: Re: [FD] [oss-security] libical 0.47 SEGV on unknown address
- From: Alan Coopersmith <alan.coopersmith@xxxxxxxxxx>
- Date: Sat, 25 Jun 2016 08:34:37 -0700
On 06/24/16 06:54 AM, Brandon Perry wrote:
I am posting this to Full Disclosure/OSS instead of reporting it because I have
opened a handful of libical bugs in the Mozilla bug tracker, alerted
security@xxxxxxxxxxx <mailto:security@xxxxxxxxxxx>, and worked to show how and
where to reproduce the bugs in Thunderbird, but Mozilla hasn’t shown any care at
all about the bugs. Perhaps if I give a sample to the community of the bugs in
the bug reports, Mozilla will take the bug reports more seriously. This bug
attached had not been reported yet.
Did you report them to libcial upstream? http://libical.github.io/libical/
My roommate mentioned Thunderbird being a second-class citizen in the Mozilla
world, so if this is the case, this should be made explicit in regards to bug
bounty expectations.
While Thunderbird is still a beloved child of Mozilla, it's been told it's time
to move out of its parents house and find its own sources of income/support:
https://groups.google.com/d/msg/mozilla.governance/kAyVlhfEcXg/Eqyx1X62BQAJ
https://blog.mozilla.org/thunderbird/2015/12/thunderbird-active-daily-inquiries-surpass-10-million/
--
-Alan Coopersmith- alan.coopersmith@xxxxxxxxxx
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/