[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenSSH Security Advisory: buffer.adv
On Tue, 16 Sep 2003, Theo de Raadt wrote:
> > > ISS claims on their site to have discovered it...
> > > http://xforce.iss.net/xforce/alerts/id/144
> > But that is now how we became aware of it.
> I meant:
> But that is NOT how we became aware of it; we became aware because of
> a posting of the function in question by someone on some list.
> > I think they want credit though they did not disclose it to the
> > vendor.
> Hence, I made this comment.
So again ISS was unable to make a coordinated disclosure.