[Devel] Two more BugTraq reports

Bogdan-Andrei Iancu bogdan at voice-system.ro
Thu Jan 4 16:55:14 CET 2007


Hi Bastian,

First of all, thanks for pointing this out. Currently both bugs have been 
fixed in 1.1.x (stable) and 1.2.x (devel) versions.
The fixes were done by Di-Shi Sun for the OSP module (he is its 
maintainer) and by me for the SMS module.

Doing a search on the site reveals 7 bugs, but there are only 3 
distinct, the rest of 4 being duplicates. Not sure why :-/.

Bastian Friedrich wrote:

>Hi,
>
>happy new year!
>
>As I have not seen the topic mentioned here, I'd like to report that there 
>were two more openser bugs disclosed on the security mailing list BugTraq:
>
>http://www.securityfocus.com/archive/1/455415/30/30/threaded
>http://www.securityfocus.com/archive/1/455412/30/30/threaded
>
>Both describe possible buffer overflows (this time, with _possibly_ remote 
>exploitability) in two modules (sms and osp). Sadly, the hacker seems not to 
>have contacted the openser team before disclosing the bugs...
>
>1) Is there any dedicated security contact for openser? It might be a good
>   idea to have a dedicated email address and/or dedicated security contact
>   information on the openser web page.
>  
>
For the moment let us use the devel list or the bug tracker. Maybe in the 
future we create a new tracker entry for vulnerabilities.

>2) Have you been aware of the leaks? Is it ok that I forward these reports
>   here, or should I have opened new bugtracker tickets?
>  
>
Guess nobody had any idea about them... Feel free to use the list.

Best regards,
Bogdan

>Best,
>   Bastian
>
>  
>



