Re: [Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-05 Thread Mike Aizatsky
eparate email from my google account. > > > > If anybody else in the list are interested in this stuff, please let me > know. Please note this is related to security and therefore I will not > publicly list the vulnerabilities found. On depending on the severity, I > can do a maintenance releas

Re: [Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-04 Thread Marti
: Sunday, December 4, 2016 7:53 PM To: Marti ; lcms-user@lists.sourceforge.net Subject: Re: [Lcms-user] Reporting potential security vulnerabilities in lcms Marti, I've got your e-mail, thanks. I've CC'ed you on all 4 lcms bugs and they should be now visible to you: https://bu

Re: [Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-04 Thread Mike Aizatsky
; > > Best regards > > Marti Maria > > The LittleCMS project > > http://www.littlecms.com > > > > > > *From:* Mike Aizatsky [mailto:aizat...@google.com] > *Sent:* Friday, December 2, 2016 7:58 PM > *To:* lcms-user@lists.sourceforge.net > *Subject:* [Lcms-user] Re

Re: [Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-03 Thread Marti
...@google.com] Sent: Friday, December 2, 2016 7:58 PM To: lcms-user@lists.sourceforge.net Subject: [Lcms-user] Reporting potential security vulnerabilities in lcms Hi! Our OSS-Fuzz fuzzing effort (https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html) has located

Re: [Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-02 Thread Mike Aizatsky
Is this really such a serious barrier?

On Fri, Dec 2, 2016 at 18:45 Elle Stone wrote:
> On 12/02/2016 08:35 PM, Mike Aizatsky wrote:
> > This is what we use for authentication and what seems to be widely
> > available. Note that any e-mail address can be associated with a Google
> > account.
> >

Re: [Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-02 Thread Elle Stone
On 12/02/2016 08:35 PM, Mike Aizatsky wrote:
> This is what we use for authentication and what seems to be widely
> available. Note that any e-mail address can be associated with a Google
> account.

So you are saying access is limited to people with Google accounts. This seems just as surprising

Re: [Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-02 Thread Mike Aizatsky
This is what we use for authentication and what seems to be widely available. Note that any e-mail address can be associated with a Google account.

https://github.com/google/oss-fuzz/blob/master/docs/faq.md#why-we-require-an-e-mail-associated-with-a-google-account

On Fri, Dec 2, 2016 at 3:59 PM

Re: [Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-02 Thread Greg Troxel
Mike Aizatsky writes:
> We will CC developers on these issues to give them access to stack traces
> and reproducer data. For that we'd need an e-mail with associated gmail
> account.

Do you really intend to limit access to people with gmail accounts? That seems very surprising at first glance.

[Lcms-user] Reporting potential security vulnerabilities in lcms

2016-12-02 Thread Mike Aizatsky
Hi! Our OSS-Fuzz fuzzing effort (https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html) has located several potential issues in lcms library (crash, heap use after free, heap buffer overflow) using the fuzz targets we developed (https://github.com/google/oss-fuzz/tre