[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSH Security Advisory: buffer.adv

To: Theo de Raadt <deraadt@cvs.openbsd.org>
Subject: Re: OpenSSH Security Advisory: buffer.adv
From: Dries Schellekens <gwyllion@ace.ulyssis.org>
Date: Wed, 17 Sep 2003 15:42:18 +0200 (CEST)
Cc: misc@cvs.openbsd.org
References: <200309170311.h8H3Bvdk027930@cvs.openbsd.org>

On Tue, 16 Sep 2003, Theo de Raadt wrote:

> OOOPS!!!
>
> > > ISS claims on their site to have discovered it...
> > > http://xforce.iss.net/xforce/alerts/id/144
> >
> > But that is now how we became aware of it.
>
> I meant:
>
> But that is NOT how we became aware of it; we became aware because of
> a posting of the function in question by someone on some list.
>
> > I think they want credit though they did not disclose it to the
> > vendor.
>
> Hence, I made this comment.

So again ISS was unable to make a coordinated disclosure.


Cheers,

Dries
--
Dries Schellekens
email: gwyllion@ulyssis.org

Follow-Ups:
- Re: OpenSSH Security Advisory: buffer.adv
  - From: "Dom De Vitto" <dom@DeVitto.com>

References:
- Re: OpenSSH Security Advisory: buffer.adv
  - From: Theo de Raadt <deraadt@cvs.openbsd.org>

Prev by Date: oddness with OpenBSD-3.4-beta and IBM thinkpad R32
Next by Date: Re: 3.4 CDs
Prev by thread: Re: OpenSSH Security Advisory: buffer.adv
Next by thread: Re: OpenSSH Security Advisory: buffer.adv
Index(es):
- Date
- Thread