Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2016-5824: use-after-free issues #286

Closed
rhertzog opened this issue Jan 20, 2017 · 2 comments
Closed

CVE-2016-5824: use-after-free issues #286

rhertzog opened this issue Jan 20, 2017 · 2 comments

Comments

@rhertzog
Copy link

@brandonprry has been fuzzing libical last year and found some issues, he reported them first in #235 but closed the ticket when he opened the same ticket against thunderbird in the hope to get more answers: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400 Also lacking any positive answer there, he published all his fuzzing results here: https://github.com/brandonprry/ical-fuzz

At this point it's not clear whether those issues have been fixed in libical and if they have, it would be nice to know which commit fixed them. This is the point of this ticket.

A CVE number has been assigned to those issues: https://security-tracker.debian.org/tracker/CVE-2016-5824 (CVE assignment here: http://seclists.org/oss-sec/2016/q2/604)

@rhertzog
Copy link
Author

Apparently #251 might be related.

@winterz
Copy link
Member

winterz commented Jan 27, 2017

right. I had individual issues already assigned for those CVEs. all of them are fixed now except for #253 which we don't know what to do about.

@winterz winterz closed this as completed Jan 27, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants