Posted by Alan Coopersmith on Jun 27

Did you report them to libcial upstream? http://libical.github.io/libical/

While Thunderbird is still a beloved child of Mozilla, it’s been told it’s time
to move out of its parents house and find its own sources of income/support:

https://groups.google.com/d/msg/mozilla.governance/kAyVlhfEcXg/Eqyx1X62BQAJ
https://blog.mozilla.org/thunderbird/2015/12/thunderbird-active-daily-inquiries-surpass-10-million/

Posted by Brandon Perry on Jun 27

I had initially asked for contact information regarding reporting potentially sensitive security test cases, but after
a couple of days, I decided to look into another product that I figured would have more visibility and more power to
get things fixed.

https://github.com/libical/libical/issues/235 <https://github.com/libical/libical/issues/235>

Posted by Ash on Jun 27

( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….

Posted by Francesco Oddo on Jun 27

( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….

Posted by thedeadcow on Jun 27

Armadito (https://github.com/armadito) is a cross-platform open-source
antivirus, that was originally the DAVFI project, financed through a french
government program.

As a security product supposed to protect computers against malware, its
update system fails at multiple points:
* the public key used to check update packages is retrieved using plain HTTP.
The same goes for the packages themselves.
* if Armadito can’t download this…