lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <vejsb0l54bdad7htjk0bck42nj51ailokk@4ax.com>
From: roman at rs-labs.com (Roman Medina)
Subject: Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability

On Tue, 1 Jun 2004 16:59:42 -0700, you wrote:

>On Wed, Jun 02, 2004 at 01:49:01AM +0200, Roman Medina wrote:
>
>> In other words, many vendors/developers silently fixes bugs and they don't
>> necesarily have to know who is packaging their software and inform them.
>
>this way.  There is no need to contact every downstream vendor directly;
>they monitor the usual channels.

----
#ifdef _security_perspective_
#define usual_channels bugtraq other_lists
#endif

#ifdef _devel_perspective_
#define usual_channels changelog_file
#endif

printf("My usual channels are: %s", usual_channels);
----

It was some kind of pseudocode :-) Question: which perspective are
using Debian maintainers to monitorize their packages? In the
particular case of SM, the old XSS issues were listed in ChangeLog,
but .deb package was not updated. Why?

 Saludos,
 --Roman

--
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ