Bugtraq mailing list archives

Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow

From: "Eric C. Lukens" <eric.lukens () uni edu>
Date: Wed, 25 Mar 2009 14:20:40 -0500

I noticed that as well, but suspected they were notified via more thenone mechanism or had already found the bug internally. I find it funnythat they had the final code ready on the 28th, but still didn't get itout to the public for another 2 weeks. I suppose they ran it throughone last QA procedure, or they just don't like to deliver things early.


-Eric

-------- Original Message  --------

Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol DictionaryBuffer Overflow

From: Florian Weimer <fw () deneb enyo de>
To: Secunia Research <remove-vuln () secunia com>
Cc: bugtraq () securityfocus com
Date: 3/25/09 11:42 AM

* Secunia Research:
======================================================================5) Solution
Update to version 7.1.1, 8.1.4, or 9.1.
======================================================================6) Time Table
06/03/2009 - Vendor notified.
07/03/2009 - Vendor response.
25/03/2009 - Public disclosure.
Something doesn't add up because the 9.1 binary I've got was created
on February 28th, according to Verisign's time stamping signature in
the Authenticode signature.


--
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434

Current thread:

Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Secunia Research (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Florian Weimer (Mar 25)
  - Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Eric C. Lukens (Mar 25)
    - Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Vladimir '3APA3A' Dubrovin (Mar 25)