lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12 On Fri, 07 Nov 2003 16:25:23 PST, security@....com said: > SCO Security Advisory > > Subject: OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12 > Advisory number: CSSA-2003-030.0 > Issue date: 2003 November 07 > Cross reference: sr883585 fz528203 erg712398 CAN-2003-0428 CAN-2003-0429 CAN-2003-0430 CAN-2003-0431 CAN-2003-0432 > _____________________________________________________________________________ Hmm... the same bugs that everybody *else* fixed back in *June*. I had to go digging to verify it *was* the same set of bugs, it's been so long. Discuss: If an advisory is *this* late in coming, should a vendor issue it or not? Compare and contrast the risks of a customer getting whacked by a *very* old vulnerability versus the risk of losing market share due to a perceived inability to ship security fixes on a timely basis. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031110/3b6a5f87/attachment.bin
Powered by blists - more mailing lists