Author: Florian Weimer
Date:
To: Marc Haber
CC: exim-users, customerservice, full-disclosure
Subject: [exim] Re: [Full-Disclosure] iDEFENSE Security Advisory 01.14.05:
Exim dns_buld_reverse() Buffer Overflow Vulnerability
* Marc Haber:
>> VIII. DISCLOSURE TIMELINE
>>
>> 09/30/2004 Initial vendor notification
>> 09/30/2004 Initial vendor response
> 01/04/2005 Vendor releases a patch
(publicly, by the way)
> 01/14/2005 Vendor releases interim release incorporating the patch
>> 01/14/2005 Public disclosure
I'd a bit surprised if this timeline were correct. I can't really
imagine Philip sitting on this bug for a couple of months.