| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Aug 2007 11:37:58 -0400 From: Simon Smith <simon@...soft.com> To: "Kevin Finisterre (lists)" <kf_lists@...italmunition.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory I LOVE THE DMCA! Kevin Finisterre (lists) wrote: > heh who would do such a thing? > > Guess we all get to wait and see who the first Guinea pig is gonna be. > > Hope germany has an EFF / Granick floating around to fight off some > of this nonsense. > -KF > > On Aug 28, 2007, at 6:49 PM, Blue Boar wrote: > >> I remember people being all paranoid about the DMCA. They were worried >> security researchers would be sued for trying to release vulnerability >> information. But since that turned out to be unfounded, I guess we >> don't >> have to worry about the German thing. ;) >> >> BB >> >> Kevin Finisterre (lists) wrote: >>> Would you have honestly provided *MORE* detail prior to the law being >>> in effect? >>> >>> Doesn't the law refer to things that are intended to be used for >>> illegal activity? >>> >>> I don't recall the advisories being any more verbose pre law.... >>> >>> Thanks. >>> -KF >>> >>> On Aug 27, 2007, at 4:41 PM, Sergio Alvarez wrote: >>> >>>> Hi 3APA3A, >>>> >>>> It was a mistake in the advisory, >>>> It should say: >>>> >>>> "Integer cast around in UPX packed files parsing" >>>> >>>> I ask for apologies for the mistake. >>>> Unfortunately we can't give more details about the vulnerability >>>> because >>>> the German Law (ยง202) >>>> >>>> Cheers, >>>> Sergio >>>> >>>> >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- - simon ---------------------- http://www.snosoft.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists