lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: scott%BerthoudWireless.net at berthoudwireless.net (Scott Taylor)
Subject: EEYE: Microsoft ASN.1 Library Length
	Overflow Heap Corruption

Wow, you pay about as much attention as microsoft does. That 93 is "days
overdue", 153 days after it was reported to that cluster of
incompetents. It really should read about 150 days overdue, someone
apparently felt it was reasonable to take 2 months to release a patch?

Besides, thats just the stuff that eeye notified them of, and doesn't
take into account reports from everyone else they pretend isn't a
problem until it makes headlines on CNN.

On Tue, 2004-02-10 at 21:14, Les Ault wrote:
> Apparently there are 7 upcoming advisories, and the oldest one is 93
> days old. 
> 
> Link: http://www.eeye.com/html/Research/Upcoming/index.html
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Richard M.
> Smith
> Sent: Tuesday, February 10, 2004 9:41 PM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length
> Overflow Heap Corruption
> 
> Hi Marc, 
> 
>    >>> Date Reported: July 25, 2003
> 
> Given that it took Microsoft almost 6 months to fix this problem, I'm
> wondering how many other Eeye security holes are in the queue that
> Microsoft
> is currently working on.  Enquiring minds would like to know! ;-)
> 
> Richard
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Scott Taylor - <scott@...thoudWireless.net> 

"Nature abhors a Vacuum"

  -- Brian Behlendorf on OSS (Open Sources, 1999 O'Reilly and Associates)

    
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040210/97e87687/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ