[exim] Re: [Full-Disclosure] iDEFENSE Security Advisory 01.1…

Top Page
Delete this message
Reply to this message
Author: Florian Weimer
Date:  
To: Marc Haber
CC: exim-users, customerservice, full-disclosure
Subject: [exim] Re: [Full-Disclosure] iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability
* Marc Haber:

>> VIII. DISCLOSURE TIMELINE
>>
>> 09/30/2004 Initial vendor notification
>> 09/30/2004 Initial vendor response


> 01/04/2005 Vendor releases a patch


(publicly, by the way)

> 01/14/2005 Vendor releases interim release incorporating the patch


>> 01/14/2005 Public disclosure


I'd a bit surprised if this timeline were correct. I can't really
imagine Philip sitting on this bug for a couple of months.