For the record: I added Ola and Balint to all 5 of those bugzilla issues so they can work on them.
On Monday, August 08, 2016 07:38:31 PM Ola Lundqvist wrote: > Hi libical developers, libical maintainer and LTS team > > As part of the Debian Long Term Security team I have started to look > into a few possible security related vulnerabilities. > More details are available here: > https://security-tracker.debian.org/tracker/source-package/libical > > My problem is that each CVE refers to a bugzilla bug id and they are not > public > CVE-2016-5827 https://bugzilla.mozilla.org/show_bug.cgi?id=1281043 > CVE-2016-5826 https://bugzilla.mozilla.org/show_bug.cgi?id=1281041 > CVE-2016-5825 https://bugzilla.mozilla.org/show_bug.cgi?id=1280832 > CVE-2016-5824 https://bugzilla.mozilla.org/show_bug.cgi?id=1275400 > CVE-2016-5823 reserved, do you know anything about it? > > My question to you are whether any of you know who I should contact > about these bugs? > Or if I can get access to them? (my login is [email protected]) > Or who I should contact for requesting access. > Whether you know of any other security issues in libical (wheezy is > using revision 0.48) > > Thanks a lot in advance! > > > // Ola > >
