lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [month] [year] [list] 
From: dveditz at cruzio.com (Daniel Veditz)
Subject: iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla
 SOAPParameter Constructor Integer Overflow Vulnerability

> VIII. DISCLOSURE TIMELINE
>
> 01/17/2004   Exploit acquired by iDEFENSE.
> 03/05/2004   Bug sent to Netscape Security Bug form at
>              http://cgi.netscape.com/cgi-bin/bug-security.cgi
> 03/05/2004   Bug entered into bugzilla.mozilla.org
>              http://bugzilla.mozilla.org/show_bug.cgi?id=236618
> 03/05/2004   iDEFENSE clients notified
> 07/09/2004   Patch submitted into Mozilla source tree.
>              http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c22
> 08/02/2004   Public disclosure

The fix was checked in March 8, 2004
http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c12

The July check-in was a back-port to the 1.4 branch

-Dan Veditz

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux