[vlc-devel] CVE-2019-13602 Heap Based Buffer Overflow Vulnerability
Rémi Denis-Courmont
remi at remlab.net
Wed Jul 17 08:22:56 CEST 2019
Hi,
I was alluding to the nonsensical patch for broken subtitles, committed, pushed and backported in an interval of 3 minutes, which both you and I thought was inadequate.
Here, the bug reporter sent a clear report with test case. He was ignored for days on, in spite of pings. Eventually, he contacted me directly so I tried to make a patch, proof read it, pushed it and waited several days for comments. Nobody commented so I backported.
Then weeks later, François attacks me for introducing a vulnerability in that fix and for creating a CVE. My patch is ugly and wrong but I don't see a vulnerability and I definitely did not create a CVE, though I can see that somebody else did - probably the original bug reporter.
Le 16 juillet 2019 22:50:39 GMT+03:00, Thomas Guillem <thomas at gllm.fr> a écrit :
>Hello,
>
>On Tue, Jul 16, 2019, at 18:23, Rémi Denis-Courmont wrote:
>> Le tiistaina 16. heinäkuuta 2019, 10.35.12 EEST Francois Cartegnie a
>écrit :
>> > https://www.securityfocus.com/bid/109158/references
>> >
>> > So now we create a new CVE for the out of bound access introduced
>by the
>> > CVE fix ?
>>
>> You had several weeks to fix this bug better, also plenty of time to
>comment
>> before it was backported (unlike a recent certain commit from a
>certain
>> somebody), and you still have time to fix it before it gets released.
>
>Who is this certain guy ? Which certain commit ?
>I don't understand this mail thread, and indirect references don't help
>me.
>
>
>>
>> But clearly, you are more interested in trolling me than being
>productive.
>> Point taken.
>>
>> --
>> レミ・デニ-クールモン
>> http://www.remlab.net/
>>
>>
>>
>> _______________________________________________
>> vlc-devel mailing list
>> To unsubscribe or modify your subscription options:
>> https://mailman.videolan.org/listinfo/vlc-devel
>_______________________________________________
>vlc-devel mailing list
>To unsubscribe or modify your subscription options:
>https://mailman.videolan.org/listinfo/vlc-devel
--
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20190717/180c8f91/attachment.html>
More information about the vlc-devel
mailing list