On Wednesday, August 30, 2017 15:09:39 Raphael Hertzog wrote:
> [ Copy to the Debian bugtracker ]
>
> Hello Christian,

Hi Raphael,

> a few security issues have been reported against libgig:
> http://seclists.org/fulldisclosure/2017/Aug/39
>
> The reproducer files are attached too:
> http://seclists.org/fulldisclosure/2017/Aug/att-39/poc_zip.bin
>
> I wanted to check that you were aware of those issues and if
> you had any patch already.

Thanks for letting me know. And no, I don't have any patch against those issues on my side yet. I see you already came up with some, so I will have a look at your patches.

> I could not find any bug tracker
> with open issues so I'm writing to you directly. The subversion
> repository has no recent history related to those issues either.

We do have a bug tracker:

https://bugs.linuxsampler.org

However it currently does not accept new user (self)registrations, because we had to struggle with massive spam bot attacks on that tracker. So we decided to disable self-registrations for a while.

Thanks!

CU
Christian