Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <51F0E96D.9070903@redhat.com>
Date: Thu, 25 Jul 2013 03:01:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Jean-Baptiste Kempf <jb@...eolan.org>
CC: oss-security@...ts.openwall.com, Michael Niedermayer <michaelni@....at>,
        Moritz Muehlenhoff <jmm@...til.org>,
        Moritz Muehlenhoff <jmm@...ian.org>, ffmpeg-security@...peg.org,
        security@...eolan.org
Subject: Re: new FFMpeg stuff

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/25/2013 02:52 AM, Jean-Baptiste Kempf wrote:
> On 25 Jul, Kurt Seifried wrote :
>> Can the VLC security team confirm/correct this as needed so we
>> can ensure it's correct before I assign CVEs? thanks.
> 
> Why the VLC security team should be involved in that?

Because they want to help make sure the CVEs get correctly assigned?

If you guys don't care about getting CVE's done properly well that's
your choice I guess and I'll assign the CVEs as best I can. But I was
hoping VLC upstream might help out.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR8OltAAoJEBYNRVNeJnmTrQgQAIV55cIEFWiCsm292zRI9IgX
UnrEsa5WBHznZDVHva49QRsZYFrDcYNFsnvgyn7Jc+UHHKr90b/zlcGvvMxVYopE
1uWTScgdcbDbZe7MI0KPV19Ig5rMRdD0fWJDM/hnvQLqt2aMHpVyGU30oE/b9z2/
Iom2jjNrkHPZLo9hPLHJHqYb798g7KStsQtt9cpjTXVdsZx94N0tGoBZFqR4BxVW
Q5B4izEwR6hObY5rm94gQEeGOYxZiJ+CCt5Mc1eEhktcnSpS5POj6qwDUlQsKYZC
r0iAh4jDFaqsR1583voaiUbDFVTgKnOV2dGNS8TJkLMP6ATJSlC+lw1WS2Sf30nf
kzxAdunIeZIP4ZpEDorJv8v0jLdY+bPW/AX2mx0MwMB5nNjVNuoImPT/DjI5dxxF
mgcES5P8sULr2TWDdcJFZrFT0OUgsnkFtoSzzfcy0VhGzDnmOYTzjM6RqGEjzs2u
01MxVRdNnEmxy5oEfpqxZdeRpObbf9RCrHku0t7v2ZoIv1aO0fRXQTEhbu7crD3J
Fb3ggWC9lBXHyN5g6c7uTwJABns2VpPl9H6gR4uN+NXJEirJElcdrL38seo/hJUs
ROYBKnPj6Nh9HRtmZevSHOTeGcfUg2GxpG/2XfxnAJUC1HSRScWB7tery6u2cQi6
Nl83Yw2FBMgv365yHRvy
=p9qJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.