- From: Laurent Carcone <carcone@w3.org>
- Date: Thu, 13 Jan 2011 09:36:09 +0100
- To: Helder Magalhães <helder.magalhaes@gmail.com>
- CC: Yuhong Bao <yuhongbao_386@hotmail.com>, www-amaya@w3.org
Hello, We have fixed this problem in the cvs version. We are looking for some similar cases in the code. We'll certainly release a new version soon. Thanks for the report, Laurent Carcone Le 09/01/11 12:10, Helder Magalhães a écrit : > Hi Yuhong, > > >> I just tried mangleme on Amaya, and the attached HTML cause Amaya 11.3.1 to crash with this: >> *** buffer overflow detected ***: /usr/lib/Amaya/wx/bin/amaya_bin terminated > I can't speak for the Amaya team but, generally, this kind of > (security-related) issues should be reported wisely: you just opened > the possibility for a zero-day attack [1] affecting Amaya users! :-( > > I just checked the W3C bug tracker [2] and, unfortunately, the > Bugzilla version being used doesn't allow reporting issues privately > (Mozilla's official install already has an option [3] for this). One > should probably report privately to the team members [4] and, > optionally, request public credit once a fix to the issue is widely > made available. (Note that, naturally, I'm not making this up, these > are procedures already used in several OSS projects.) > > >> Yuhong Bao > Cheers, > Helder > > > -- > Helder M. A. Magalhães > http://heldermagalhaes.com/ > > > [1] http://en.wikipedia.org/wiki/Zero-day_attack > [2] http://www.w3.org/Bugs/Public/buglist.cgi?product=Amaya > [3] "[checkbox] Many users could be harmed by this security problem: > it should be kept hidden from the public until it is resolved." > [4] http://www.w3.org/Amaya/Actors.html > >
Received on Thursday, 13 January 2011 08:36:45 UTC