On Thu, May 11, 2017 at 3:06 PM, Secunia Research <[email protected]> wrote: > Hello, > > We have discovered two vulnerabilities in Libtasn1 and contact you to > attempt a coordinated disclosure. > > We have reserved Secunia Advisory SA76125 and set a preliminary release date > to 31st of May 2017. We are prepared to postpone this date in case you need > more time to address the vulnerabilities, as long as you keep us updated on > the status. > > Please provide us with the contact details of the security team or person so > that we can disclose the details of the discovered vulnerabilities.
Hi, I received the information today and it seems to be a bug in the ASN.1 definitions parser. As this parser does not process data from 3rd parties (network or so), it would hardly classify as a security vulnerability. I've asked the reporter to use the mailing list for further communication on the issue. regards, Nikos
