Hi, happy new year!
As I have not seen the topic mentioned here, I'd like to report that there were two more openser bugs disclosed on the security mailing list BugTraq: http://www.securityfocus.com/archive/1/455415/30/30/threaded http://www.securityfocus.com/archive/1/455412/30/30/threaded Both describe possible buffer overflows (this time, with _possibly_ remote exploitability) in two modules (sms and osp). Sadly, the hacker seems not to have contacted the openser team before dislosing the bugs... 1) Is there any dedicated security contact for openser? It might be a good idea to have a dedicated email address and/or dedicated security contact information on the openser web page. 2) Have you been aware of the leaks? Is it ok that I forward these reports here, or should I have opened new bugtracker tickets? Best, Bastian -- Collax GmbH . Burkheimer Straße 3 . 79111 Freiburg . Germany p: +49 (0) 761-45684-24 f: +49 (0) 761-45684-10 www.collax.com \ Q: How many surrealists does it take to change a light bulb? \ A: Two, one to hold the giraffe, and the other to fill the \ bathtub with brightly colored machine tools. _______________________________________________ Devel mailing list Devel@openser.org http://openser.org/cgi-bin/mailman/listinfo/devel
