From aizatsky at google.com Fri Dec 2 18:50:33 2016 From: aizatsky at google.com (Mike Aizatsky) Date: Fri, 02 Dec 2016 18:50:33 +0000 Subject: [kmscon-devel] Reporting potential security vulnerabilities in libtsm Message-ID: Hi! Our OSS-Fuzz fuzzing effort ( https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html) has located several potential issues in libtsm library (heap buffer overflows) using the fuzz target we developed ( https://github.com/google/oss-fuzz/blob/master/projects/libtsm/libtsm_fuzzer.c ) These crashes are now filed in a security-protected monorail tracker ( https://bugs.chromium.org/p/oss-fuzz/issues/list) and we'd like to find libtsm developers to take a look at them. We'd like to CC developers on libtsm issues to give them access to stack traces and reproducer data. For that we'd need an e-mail with associated gmail account. We can set up the process to auto-CC these e-mails when we find more issues. -- Mike Sent from phone -------------- next part -------------- An HTML attachment was scrubbed... URL: