| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: s.esser at e-matters.de (Stefan Esser) Subject: iDEFENSE Security Advisory 08.16.04: CVS Undocumented Flag Information Disclosure Vulnerability Hi iDEFENSE, > This issue was patched in the latest (June 9th) releases of CVS, > specifically 1.11.17 & 1.12.9. well guess WHY it was fixed... maybe because it was found and reported by Sebastian Krahmer back ub May? > VIII. CREDIT > > An anonymous contributor is credited with discovering this > vulnerability. ... > Get paid for vulnerability research The bug was officially fixed with the last releases because it was already found at that time by Sebastian Krahmer. So I suggest that you ask him for his bank account. It is quite funny that this is the 3rd (or maybe 4th) incident I know off, where you pay people for vulnerabilities that were already found and reported by others. Stefan Esser -- -------------------------------------------------------------------------- Stefan Esser s.esser@...atters.de e-matters Security http://security.e-matters.de/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0 7704 CF6C AE69 -------------------------------------------------------------------------- Did I help you? Consider a gift: http://wishlist.suspekt.org/ --------------------------------------------------------------------------
Powered by blists - more mailing lists