[Bf-committers] Where to discuss (possible) security issues?

Cyril Brulebois kibi at debian.org
Mon May 5 01:32:26 CEST 2008


I'm wondering whether there's a private list/alias where one can discuss
possible security issues, or whether that list would be appropriate.

BTW, while running an analyzer on the sources, I noticed that one:
| strncat(name, s_elem->name, FILE_MAXFILE);
in source/blender/src/sequence.c:1708

while all other strncat calls are using FILE_MAXFILE-1. Since the patch
is trivial (and the problem found automatically with that flawfinder
tool), I think it's safe to assume there's no real vuln. disclosure

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.blender.org/pipermail/bf-committers/attachments/20080505/15c4e4ce/attachment.pgp 

More information about the Bf-committers mailing list