lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CABTJqw87viF6sVm-ZyKuDMaPiNWZOSmsEmeQB4O2KmkuUWq_pA@mail.gmail.com>
Date: Sat, 26 Dec 2020 17:19:22 -0600
From: Jason Geffner <geffner@...il.com>
To: "Mark E. Jeftovic" <markjr@...ydns.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD]
	CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

The message I received on April 17th, 2020 was as follows: "We recently
released a Win fix and Mac build from this code base should have the same
fix (Mac version 7.1.0.434)."

On Sat, Dec 26, 2020 at 12:59 PM Mark E. Jeftovic <markjr@...ydns.com>
wrote:

> Is there a transposition typo in the Mac OSX version number?
>
> *Fixed Version:* 7.0.1.433 (Windows) and 7.1.0.434 (macOS)
>
> My OSX Backblaze is reporting 7.0.2.470 as most recent version
> On 2020-12-24 1:27 PM, Jason Geffner wrote:
>
> Thanks, Reed. I've updated the GitHub repository name to reflect this
> change. The detailed write-up can now be found athttps://github.com/geffner/CVE-2020-8289/blob/master/README.md.
>
> On Tue, Dec 22, 2020 at 3:56 AM Reed Loden <reed@...dloden.com> <reed@...dloden.com> wrote:
>
>
> Due to a process fail, this CVE ID was accidentally reused for another
> vulnerability.
>
> The updated CVE ID for this issue is CVE-2020-8289.
>
> We apologize to Jason and others for the inconvenience caused by this
> error.
>
> Happy holidays,
> ~reed
> (for HackerOne)
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing listhttps://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
> --
> Mark E. Jeftovic <markjr@...ydns.com> <markjr@...ydns.com>
> Co-founder & CEO, easyDNS Technologies Inc.
> AxisOfEasy.com - *For full coverage of a world gone full cyberpunk...*
>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ