Full Disclosure mailing list archives

Re: OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12


From: Valdis.Kletnieks () vt edu
Date: Mon, 10 Nov 2003 14:18:36 -0500

On Fri, 07 Nov 2003 16:25:23 PST, security () sco com  said:

                      SCO Security Advisory

Subject:              OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12
Advisory number:      CSSA-2003-030.0
Issue date:           2003 November 07
Cross reference:      sr883585 fz528203 erg712398 CAN-2003-0428 CAN-2003-0429
                      CAN-2003-0430 CAN-2003-0431 CAN-2003-0432
_____________________________________________________________________________

Hmm... the same bugs that everybody *else* fixed back in *June*.  I had to
go digging to verify it *was* the same set of bugs, it's been so long.

Discuss:  If an advisory is *this* late in coming, should a vendor issue it or
not?  Compare and contrast the risks of a customer getting whacked by a *very*
old vulnerability versus the risk of losing market share due to a perceived
inability to ship security fixes on a timely basis.
