| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2be58a30601050402y4865cdd6qc18e5f730a1bcbe8@mail.gmail.com> Date: Thu Jan 5 12:02:56 2006 From: infosecbofh at gmail.com (InfoSecBOFH) Subject: WMF round-up, updates and de-mystification Sorry Dick. Not FUD but Fact. The patch, if you are stupid enough to trust a third party patch in the first place, is not perfect. So tell me again why I should share why? Just wait for and trust your MS patch.. come on.. .would I lie to you? :P On 1/3/06, Richard M. Smith <rms@...puterbytesman.com> wrote: > Why the FUD? Under what circumstances are you aware the patch doesn't work? > Hoarding information isn't very helpful in a situation like this. Are we > talking about .5%, 5%, or 50% failure mode for the patch? How does the > failure mode of the patch compare to Microsoft's solution of killing the > Microsoft Picture/FAX viewer which also has its limitations. (Example, > someone is using a different viewer program for .WMF files that also has the > flaw.) > > Richard > > -----Original Message----- > From: InfoSecBOFH [mailto:infosecbofh@...il.com] > Sent: Tuesday, January 03, 2006 6:35 AM > To: Gadi Evron > Cc: bugtraq@...urityfocus.com; FunSec [List]; > full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] WMF round-up, updates and de-mystification > > So this patch is trusted because you said so? > > I have tested and confirmed that this patch only works in specific > scnenarios and does not mitigate the entire issue. Variations still work. >
Powered by blists - more mailing lists