[exim] Re: [Full-Disclosure] iDEFENSE Security Advisory 01.1…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Florian Weimer
Data:  
Para: Marc Haber
CC: exim-users, customerservice, full-disclosure
Asunto: [exim] Re: [Full-Disclosure] iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability
* Marc Haber:

>> VIII. DISCLOSURE TIMELINE
>>
>> 09/30/2004 Initial vendor notification
>> 09/30/2004 Initial vendor response


> 01/04/2005 Vendor releases a patch


(publicly, by the way)

> 01/14/2005 Vendor releases interim release incorporating the patch


>> 01/14/2005 Public disclosure


I'd a bit surprised if this timeline were correct. I can't really
imagine Philip sitting on this bug for a couple of months.