lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <17480.1314301920@turing-police.cc.vt.edu>
Date: Thu, 25 Aug 2011 15:52:00 -0400
From: Valdis.Kletnieks@...edu
To: Georgi Guninski <guninski@...inski.com>
Cc: full-disclosure@...ts.grok.org.uk, Mark J Cox <mjc@...che.org>
Subject: Re: Apache Killer

On Thu, 25 Aug 2011 21:35:04 +0300, Georgi Guninski said:
> On Wed, Aug 24, 2011 at 10:45:53AM +0100, Mark J Cox wrote:
> > Use CVE-2011-3192.
>
> why the fuck use this shit?

So that when two different people issue advisories about it, if they both say
CVE-2011-3192, we know it's the same issue.  Otherwise if you got some people
writing about Kingcope's hole with gzip and others writing about Zalewski's
hole with Range: it's hard to tell if they're really the same issue or not.


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ