| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: noir at uberhax0r.net (noir@...rhax0r.net) Subject: yet another panic() in OpenBSD "please note that" i am here setting the public records straight because obsd's book keeping seems to be quite wage when it comes to vulnerablities. what has happen to the openssh remotely exploitable "crc32 deattack.c" vulnerability in the default install ? (i can remember, exploiting it on obsd 2.7 default) what about the in.talkd remote format string vulnerability (2.6, 2.7 ..) ? so can we say "3 remote vulnerabilities in blah years" or maybe more ? it seems like mr. hemming would not want to "note that" ... - noir On Sat, 22 Nov 2003, Henning Brauer wrote: > please note that patch 008 for OpenBSD 3.4 / 013 for OpenBSD 3.3 fixes that > issue. > This patch was out _before_ the above post. > > It's not really hard to look at the patch and post to fd afterwards... > > -- > Henning Brauer, BS Web Services, http://bsws.de > hb@...s.de - henning@...nbsd.org > Unix is very simple, but it takes a genius to understand the simplicity. > (Dennis Ritchie) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists