Security check of libical
Balint Reczey
balint at balintreczey.hu
Wed Aug 24 12:01:47 PDT 2016
Hi Allen,
On 08/24/2016 05:38 PM, Allen Winter wrote:
> I already responded to a similar question in July
> see http://lists.infradead.org/pipermail/libical-devel/2016-July/000726.html
>
> I do have have access to those bug reports.
> I do not have time to work on this at the moment.
>
> I'd be happy if you'd investigate. maybe I get you access somehow.
> Can you tell me your account name at bugzilla.mozilla.org?
Ola already provided his account name below. ;-)
Can I please get access, too? My account name is balint at balintreczey.hu.
It can be useful if at least to people from the team can look at the issue.
>
> On Monday, August 08, 2016 07:38:31 PM Ola Lundqvist wrote:
>> Hi libical developers, libical maintainer and LTS team
>>
>> As part of the Debian Long Term Security team I have started to look
>> into a few possible security related vulnerabilities.
>> More details are available here:
>> https://security-tracker.debian.org/tracker/source-package/libical
>>
>> My problem is that each CVE refers to a bugzilla bug id and they are not public
>> CVE-2016-5827 https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
>> CVE-2016-5826 https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
>> CVE-2016-5825 https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
>> CVE-2016-5824 https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
>> CVE-2016-5823 reserved, do you know anything about it?
>>
>> My question to you are whether any of you know who I should contact
>> about these bugs?
>> Or if I can get access to them? (my login is ola at inguza.com)
^^^^^^^^^^^^^^^
Cheers,
Balint
>> Or who I should contact for requesting access.
>> Whether you know of any other security issues in libical (wheezy is
>> using revision 0.48)
>>
>> Thanks a lot in advance!
>>
>>
>> // Ola
>>
>>
>
More information about the libical-devel
mailing list