Hi Allen, On 08/24/2016 05:38 PM, Allen Winter wrote: > I already responded to a similar question in July > see http://lists.infradead.org/pipermail/libical-devel/2016-July/000726.html > > I do have have access to those bug reports. > I do not have time to work on this at the moment. > > I'd be happy if you'd investigate. maybe I get you access somehow. > Can you tell me your account name at bugzilla.mozilla.org?
Ola already provided his account name below. ;-) Can I please get access, too? My account name is bal...@balintreczey.hu. It can be useful if at least to people from the team can look at the issue. > > On Monday, August 08, 2016 07:38:31 PM Ola Lundqvist wrote: >> Hi libical developers, libical maintainer and LTS team >> >> As part of the Debian Long Term Security team I have started to look >> into a few possible security related vulnerabilities. >> More details are available here: >> https://security-tracker.debian.org/tracker/source-package/libical >> >> My problem is that each CVE refers to a bugzilla bug id and they are not >> public >> CVE-2016-5827 https://bugzilla.mozilla.org/show_bug.cgi?id=1281043 >> CVE-2016-5826 https://bugzilla.mozilla.org/show_bug.cgi?id=1281041 >> CVE-2016-5825 https://bugzilla.mozilla.org/show_bug.cgi?id=1280832 >> CVE-2016-5824 https://bugzilla.mozilla.org/show_bug.cgi?id=1275400 >> CVE-2016-5823 reserved, do you know anything about it? >> >> My question to you are whether any of you know who I should contact >> about these bugs? >> Or if I can get access to them? (my login is o...@inguza.com) ^^^^^^^^^^^^^^^ Cheers, Balint >> Or who I should contact for requesting access. >> Whether you know of any other security issues in libical (wheezy is >> using revision 0.48) >> >> Thanks a lot in advance! >> >> >> // Ola >> >> >