[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ILEPILDHBOLAHHEIMALBEEFAGAAA.jasonc@science.org>
From: jasonc at science.org (Jason Coombs)
Subject: Adobe Acrobat and PDF security: no improvements for 2 years
Will somebody please re-work this timeline to include the arrest and trial?
Thanks.
07/16/2001: "eBook Security: Theory and Practice" presentation on
DefCon 9:
http://www-2.cs.cmu.edu/~dst/Adobe/Gallery/defcon.ppt
06/13/2002: Report sent to vendor
(PASSKEY:75DF62C56A7DE9F888256BCB0001DF72)
09/10/2002: Report sent to CERT
10/08/2002: More detailed acknowledgment sent to reporter
10/08/2002: Initial attempt to contact vendor via web feedback
10/18/2002: Follow up to PR contact(s); point of contact initiated
10/21/2002: Authentication loop closed; technical details sent
10/29/2002: Ack asked for and received; further details sent
related to report
11/21/2002: Reporter asks for status update
11/26/2002: Ping from reporter
11/26/2002: Follow up with vendor to get status of report
11/27/2002: Ack from vendor PR contact asserting more info soon
11/28/2002: Follow up to vendor again asking for confirmation of
details;
let the vendor know reporter is willing to wait if
details and solution acknowledged
12/02/2002: Conversation with vendor contact verifying details of
issue; mention made of issue being resolved in next
release
12/04/2002: Initial date identified for potential publication of the
report
12/09/2002: Vendor replies that their response is undergoing legal
review
12/18/2002: Reporter asks for status update; notes 45-day disclosure
period over
12/18/2002: Ack reporter
12/18/2002: Ping vendor for written response again
01/05/2003: Reporter asks for status update
01/14/2003: Ack reporter; tentatively set publication date for 01/20
01/20/2003: Reporter ack
01/21/2003: Private CERT Vulnerability Card published with draft
status
03/19/2003: CERT Vulnerability Note (VU#549913) published:
http://www.kb.cert.org/vuls/id/549913
03/25/2003: Vendor Statement (JSHA-5EZQGZ) published:
http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ
07/02/2003: Updated vulnerability report by reporter to CERT
07/04/2003: Updated vulnerability report sent by reporter to vendor
Powered by blists - more mailing lists