[kmscon-devel] Reporting potential security vulnerabilities in libtsm
Mike Aizatsky
aizatsky at google.com
Fri Dec 2 18:50:33 UTC 2016
Hi!
Our OSS-Fuzz fuzzing effort (
https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html)
has located several potential issues in libtsm library (heap buffer
overflows) using the fuzz target we developed (
https://github.com/google/oss-fuzz/blob/master/projects/libtsm/libtsm_fuzzer.c
)
These crashes are now filed in a security-protected monorail tracker (
https://bugs.chromium.org/p/oss-fuzz/issues/list) and we'd like to find
libtsm developers to take a look at them.
We'd like to CC developers on libtsm issues to give them access to stack
traces and reproducer data. For that we'd need an e-mail with associated
gmail account.
We can set up the process to auto-CC these e-mails when we find more issues.
--
Mike
Sent from phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/kmscon-devel/attachments/20161202/71ac7d6c/attachment.html>
More information about the kmscon-devel
mailing list