[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Secunia Research] Asking for security contact

From: Nikos Mavrogiannopoulos
Subject: Re: [Secunia Research] Asking for security contact
Date: Mon, 15 May 2017 13:58:03 +0200

On Thu, May 11, 2017 at 3:06 PM, Secunia Research <address@hidden> wrote:
> Hello,
> We have discovered two vulnerabilities in Libtasn1 and contact you to
> attempt a coordinated disclosure.
> We have reserved Secunia Advisory SA76125 and set a preliminary release date
> to 31st of May 2017. We are prepared to postpone this date in case you need
> more time to address the vulnerabilities, as long as you keep us updated on
> the status.
> Please provide us with the contact details of the security team or person so
> that we can disclose the details of the discovered vulnerabilities.

 I received the information today and it seems to be a bug in the
ASN.1 definitions parser. As this parser does not process data from
3rd parties (network or so), it would hardly classify as a security
vulnerability. I've asked the reporter to use the mailing list for
further communication on the issue.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]