Message-ID: <49CA8408.8040000@uni.edu>
Date: Wed, 25 Mar 2009 14:20:40 -0500
From: "Eric C. Lukens" <eric.lukens@....edu>
To: bugtraq@...urityfocus.com
Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow

I noticed that as well, but suspected they were notified via more than one mechanism or had already found the bug internally. I find it funny that they had the final code ready on the 28th, but still didn't get it out to the public for another 2 weeks. I suppose they ran it through one last QA procedure, or they just don't like to deliver things early.

-Eric

-------- Original Message --------
Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
From: Florian Weimer <fw@...eb.enyo.de>
To: Secunia Research <remove-vuln@...unia.com>
Cc: bugtraq@...urityfocus.com
Date: 3/25/09 11:42 AM

> * Secunia Research:
>
>
>> ======================================================================
>> 5) Solution
>>
>> Update to version 7.1.1, 8.1.4, or 9.1.
>>
>> ======================================================================
>> 6) Time Table
>>
>> 06/03/2009 - Vendor notified.
>> 07/03/2009 - Vendor response.
>> 25/03/2009 - Public disclosure.
>>
>
> Something doesn't add up because the 9.1 binary I've got was created
> on February 28th, according to Verisign's time stamping signature in
> the Authenticode signature.
>

-- 
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434