lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 26 Dec 2020 13:59:08 -0500
From: "Mark E. Jeftovic" <markjr@...ydns.com>
To: Jason Geffner <geffner@...il.com>, Reed Loden <reed@...dloden.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD]
 CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

Is there a transposition typo in the Mac OSX version number?

*Fixed Version:* |7.0.1.433| (Windows) and |7.1.0.434| (macOS)

My OSX Backblaze is reporting 7.0.2.470 as most recent version

On 2020-12-24 1:27 PM, Jason Geffner wrote:
> Thanks, Reed. I've updated the GitHub repository name to reflect this
> change. The detailed write-up can now be found at
> https://github.com/geffner/CVE-2020-8289/blob/master/README.md.
>
> On Tue, Dec 22, 2020 at 3:56 AM Reed Loden <reed@...dloden.com> wrote:
>
>> Due to a process fail, this CVE ID was accidentally reused for another
>> vulnerability.
>>
>> The updated CVE ID for this issue is CVE-2020-8289.
>>
>> We apologize to Jason and others for the inconvenience caused by this
>> error.
>>
>> Happy holidays,
>> ~reed
>> (for HackerOne)
>>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
-- 
Mark E. Jeftovic <markjr@...ydns.com>
Co-founder & CEO, easyDNS Technologies Inc.
AxisOfEasy.com <https://AxisOfEasy.com> - /For full coverage of a world
gone full cyberpunk.../

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ