lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040318093136.GA2618@deneb.enyo.de>
From: fw at deneb.enyo.de (Florian Weimer)
Subject: Operating Systems Security, "Microsoft Security, baby steps"

Todd Burroughs wrote:

> I know that other major software companies use OpenSSL in their products;
> the "free/open source" software community responds very quickly, much
> faster than any commercial vendor (I noticed that Cisco released
> a patch).  This is proof, same day fix vs. fix in a few months.

openssl (0.9.6c-2.woody.5) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Apply upstream patch to fix NULL pointer dereference in
    do_change_cipher_spec (CAN-2004-0079)

 -- Matt Zimmerman <mdz@...ian.org>  Fri, 27 Feb 2004 09:16:45 -0800

This can hardly be considered a "same day fix".

We don't even know how many weeks this bug was in circulation in the
vendor community before that date.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ