lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Jun 2004 16:59:42 -0700 From: Matt Zimmerman <mdz@...ian.org> To: Roman Medina <roman@...labs.com> Cc: Lupe Christoph <lupe@...e-christoph.de>, full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com, vulnwatch@...nwatch.org, security@...ian.org Subject: Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability On Wed, Jun 02, 2004 at 01:49:01AM +0200, Roman Medina wrote: > In other words, many vendors/developers silently fixes bugs and they don't > necesarily have to know who is packaging their software and inform them. Such vendors/developers are doing a their users and the community a disservice. Proper public disclosure of vulnerabilities requires very little effort on their part; there is no good reason to conceal information this way. There is no need to contact every downstream vendor directly; they monitor the usual channels. -- - mdz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists