| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: kiwi at oav.net (Xavier Beaudouin)
Subject: Regarding Secunia Advisory SA13040.
Hello there,
As a maintainer of Caudium Webserver I wishes the following things
1- Secunia didn't contact us about this "advisory" you have
certainly googled the bugtracker on sourceforge and make this
advisory without contacting us before, so this is NOT the rules
about security advisory.
2- The Advisory it partialy false. You write that it affects Caudium
1.x branch. Since there is only one branch about Caudium this is
really disinformation about our software.
3- Secunia DIDN'T contact us (if you look at the source there is
mailing lists, emails and whatever things to help third party
people to contact us.
4- The "advisory" (and even the lasted change logs) say all version
of Caudium which is false, the ONLY VERSION that have the
bug (because IT IS a bug) is 1.4RC1 not 1.4RC2 or even 1.0.xx /
1.2.xx branch.
5- You didn't TEST by yourself before releasing this advisory, I can
consider that as half-done work...
Because of that. I ask Secunia.com to REMOVE this advisory because all
its contents is false and inaccurate. I really hope that all
of other work of Secunia.com is better than the extract I just saw...
Sincerly Xavier
--
Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects
Powered by blists - more mailing lists