Security check of libical

Allen Winter winter at kde.org
Wed Aug 24 12:26:20 PDT 2016


For the record:  I added Ola and Balint to all 5 of those bugzilla issues so they can work on them.

On Monday, August 08, 2016 07:38:31 PM Ola Lundqvist wrote:
> Hi libical developers, libical maintainer and LTS team
> 
> As part of the Debian Long Term Security team I have started to look
> into a few possible security related vulnerabilities.
> More details are available here:
> https://security-tracker.debian.org/tracker/source-package/libical
> 
> My problem is that each CVE refers to a bugzilla bug id and they are not public
> CVE-2016-5827 https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
> CVE-2016-5826 https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
> CVE-2016-5825 https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
> CVE-2016-5824 https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
> CVE-2016-5823 reserved, do you know anything about it?
> 
> My question to you are whether any of you know who I should contact
> about these bugs?
> Or if I can get access to them? (my login is ola at inguza.com)
> Or who I should contact for requesting access.
> Whether you know of any other security issues in libical (wheezy is
> using revision 0.48)
> 
> Thanks a lot in advance!
> 
> 
> // Ola
> 
> 




More information about the libical-devel mailing list