lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ILEPILDHBOLAHHEIMALBEEFAGAAA.jasonc@science.org>
From: jasonc at science.org (Jason Coombs)
Subject: Adobe Acrobat and PDF security: no improvements for 2 years

Will somebody please re-work this timeline to include the arrest and trial?

Thanks.

  07/16/2001: "eBook Security: Theory and Practice" presentation on
              DefCon 9:
              http://www-2.cs.cmu.edu/~dst/Adobe/Gallery/defcon.ppt
  06/13/2002: Report sent to vendor
              (PASSKEY:75DF62C56A7DE9F888256BCB0001DF72)
  09/10/2002: Report sent to CERT
  10/08/2002: More detailed acknowledgment sent to reporter
  10/08/2002: Initial attempt to contact vendor via web feedback
  10/18/2002: Follow up to PR contact(s); point of contact initiated
  10/21/2002: Authentication loop closed; technical details sent
  10/29/2002: Ack asked for and received; further details sent
              related to report
  11/21/2002: Reporter asks for status update
  11/26/2002: Ping from reporter
  11/26/2002: Follow up with vendor to get status of report
  11/27/2002: Ack from vendor PR contact asserting more info soon
  11/28/2002: Follow up to vendor again asking for confirmation of
              details;
              let the vendor know reporter is willing to wait if
              details and solution acknowledged
  12/02/2002: Conversation with vendor contact verifying details of
              issue; mention made of issue being resolved in next
              release
  12/04/2002: Initial date identified for potential publication of the
              report
  12/09/2002: Vendor replies that their response is undergoing legal
              review
  12/18/2002: Reporter asks for status update; notes 45-day disclosure
              period over
  12/18/2002: Ack reporter
  12/18/2002: Ping vendor for written response again
  01/05/2003: Reporter asks for status update
  01/14/2003: Ack reporter; tentatively set publication date for 01/20
  01/20/2003: Reporter ack
  01/21/2003: Private CERT Vulnerability Card published with draft
              status
  03/19/2003: CERT Vulnerability Note (VU#549913) published:
              http://www.kb.cert.org/vuls/id/549913
  03/25/2003: Vendor Statement (JSHA-5EZQGZ) published:
              http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ
  07/02/2003: Updated vulnerability report by reporter to CERT
  07/04/2003: Updated vulnerability report sent by reporter to vendor

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ