[Bf-committers] Where to discuss (possible) security issues?
Cyril Brulebois
kibi at debian.org
Mon May 5 01:32:26 CEST 2008
Hi,
I'm wondering whether there's a private list/alias where one can discuss
possible security issues, or whether that list would be appropriate.
BTW, while running an analyzer on the sources, I noticed that one:
| strncat(name, s_elem->name, FILE_MAXFILE);
in source/blender/src/sequence.c:1708
while all other strncat calls are using FILE_MAXFILE-1. Since the patch
is trivial (and the problem found automatically with that flawfinder
tool), I think it's safe to assume there's no real vuln. disclosure
here.
Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.blender.org/pipermail/bf-committers/attachments/20080505/15c4e4ce/attachment.pgp
More information about the Bf-committers
mailing list