Date: Thu, 22 Aug 2013 13:42:48 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Huzaifa Sidhpurwala <huzaifas@redhat.com> Cc: oss-security@lists.openwall.com, freebsd-security@freebsd.org Subject: Re: [oss-security] FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Message-ID: <86ppt6gddz.fsf@nine.des.no> In-Reply-To: <5215EC4F.1090405@redhat.com> (Huzaifa Sidhpurwala's message of "Thu, 22 Aug 2013 16:17:43 %2B0530") References: <201308220115.r7M1Fea3001317@freefall.freebsd.org> <86txiighrr.fsf@nine.des.no> <5215EC4F.1090405@redhat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Huzaifa Sidhpurwala <huzaifas@redhat.com> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > This also affects third-party software (Firefox, at the very least) > > that incorporates FreeBSD's SCTP implementation. > Are you sure about this? Allow me to amend my statement: this *may* also affect third-party software that incorporates our SCTP implementation, including Mozilla Firefox and Google Chrome. I can neither confirm nor deny that they are actually vulnerable; all I can say is that a) I have it on good authority that they use the same code (JFGI!) and b) they were notified in advance. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ppt6gddz.fsf>