lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: dveditz at cruzio.com (Daniel Veditz)
Subject: iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla
 SOAPParameter Constructor Integer Overflow Vulnerability

> VIII. DISCLOSURE TIMELINE
>
> 01/17/2004   Exploit acquired by iDEFENSE.
> 03/05/2004   Bug sent to Netscape Security Bug form at
>              http://cgi.netscape.com/cgi-bin/bug-security.cgi
> 03/05/2004   Bug entered into bugzilla.mozilla.org
>              http://bugzilla.mozilla.org/show_bug.cgi?id=236618
> 03/05/2004   iDEFENSE clients notified
> 07/09/2004   Patch submitted into Mozilla source tree.
>              http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c22
> 08/02/2004   Public disclosure

The fix was checked in March 8, 2004
http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c12

The July check-in was a back-port to the 1.4 branch

-Dan Veditz


Powered by blists - more mailing lists