List: oss-security
Subject: [oss-security] Re: [videolan] [oss-security] older issues in libbluray
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2015-02-23 15:40:26
Message-ID: 54EB49EA.9020905 () redhat ! com
So the good news/bad news is I'm finished cleaning out about 20 older
bugs that were embargoed and not properly handled (mostly due to them
stalling and then being forgotten I guess, some were from 6 years ago,
well before I even worked for Red Hat).

Again my apologies for this mess. The good news is that all our current
embargoed flaws (none against VLC currently =) are being actively
handled (e.g. worked on in a current time frame) and moving forwards we
should hopefully be able to avoid issues like this.

Also one request (not just specific to VLC, but everyone with a
project): please have a security@ email address for your project or a
security web page that makes it obvious how to contact and report things
privately, this is a common problem and easily solved (and will make it
much easier for people to report issues).

I just recently found myself emailing random security@ addresses at
other projects to see if they bounce or not. I still have no idea if the
projects received my security report (no bounce so here's hoping!).

On 23/02/15 01:52 AM, Jean-Baptiste Kempf wrote:
> We never were contacted.
> This is not really cool.
>
> On 22 Feb, Kurt Seifried wrote :
>> With apologies, I tracked down the original report and added it to our
>> BZs. I was also under the impression VideoLan had been contacted but
>> just to ensure this is the case adding them to the CC.
>>
>> On 22/02/15 11:43 AM, Moritz Mühlenhoff wrote:
>>> On Fri, Feb 06, 2015 at 04:21:20PM -0700, Kurt Seifried wrote:
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=959434
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=959433
>>>>
>>>> these may warrant a cve
>>>
>>> Have these been reported to libbluray upstream? The
>>> Bugzilla entries are rather scarce on details.
>>>
>>> Cheers,
>>> Moritz
>>>
>>
>> --
>> Kurt Seifried -- Red Hat -- Product Security -- Cloud
>> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
>>
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993