Re: [Secunia Research] Asking for security contact

help-libtasn1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Secunia Research] Asking for security contact

From:	Nikos Mavrogiannopoulos
Subject:	Re: [Secunia Research] Asking for security contact
Date:	Mon, 15 May 2017 13:58:03 +0200

On Thu, May 11, 2017 at 3:06 PM, Secunia Research <address@hidden> wrote:
> Hello,
>
> We have discovered two vulnerabilities in Libtasn1 and contact you to
> attempt a coordinated disclosure.
>
> We have reserved Secunia Advisory SA76125 and set a preliminary release date
> to 31st of May 2017. We are prepared to postpone this date in case you need
> more time to address the vulnerabilities, as long as you keep us updated on
> the status.
>
> Please provide us with the contact details of the security team or person so
> that we can disclose the details of the discovered vulnerabilities.

Hi,
 I received the information today and it seems to be a bug in the
ASN.1 definitions parser. As this parser does not process data from
3rd parties (network or so), it would hardly classify as a security
vulnerability. I've asked the reporter to use the mailing list for
further communication on the issue.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

[Secunia Research] Asking for security contact, Secunia Research, 2017/05/11
- Re: [Secunia Research] Asking for security contact, Nikos Mavrogiannopoulos <=

Prev by Date: [Secunia Research] Asking for security contact
Next by Date: libtasn1 issue [was: [Secunia Research] Libtasn1 Vulnerability Report]
Previous by thread: [Secunia Research] Asking for security contact
Next by thread: libtasn1 issue [was: [Secunia Research] Libtasn1 Vulnerability Report]
Index(es):
- Date
- Thread