| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <438DB2E1.7030403@katamail.com> Date: Wed, 30 Nov 2005 15:10:41 +0100 From: ascii <ascii@...amail.com> To: Paul Laudanski <zx@...tlecops.com>, full-disclosure@...ts.grok.org.uk, ml@...urezza.org, bugtraq@...urityfocus.com, news@...uriteam.com, bugs@...uritytracker.com, vuln@...unia.com Subject: Re: WebCalendar Multiple Vulnerabilities Paul Laudanski wrote: > I too tried contacting the vendor but received no response. Your timing > of vendor notice and vul'n release are fast unfortunately. Taking a look, > simple functions in PHP can be called upon to fix those issues. thanks Paul for the cooperation : ) i'm sorry i hadn't updated the advisory but now i done * * * * VI. VENDOR RESPONSE We had a response from Craig Knudsen, the project leader, on 20051128 night. The same day the fast Craig resolved 3 of the 4 issues in the REL_1_0_0 branch of CVS, so soon a new version (probably 1.0.2) will be released to the public. * * * * also on the sourceforge project site there are these posts related to this advisory (thanks Craig for the links) http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587 http://sourceforge.net/forum/forum.php?thread_id=1393468&forum_id=11587 http://sourceforge.net/mailarchive/forum.php?thread_id=9091328&forum_id=46247 http://sourceforge.net/mailarchive/forum.php?thread_id=9089995&forum_id=46247 ascii - http://www.ush.it _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists