Full Disclosure mailing list archives
Re: mnogosearch 3.1.20 and 3.2.10 buffer overflow
From: "Steven M. Christey" <coley () mitre org>
Date: Tue, 10 Jun 2003 13:00:37 -0400 (EDT)
Vendor has been contacted on 01/06/2003 and fix is available from cvs at http://www.mnogosearch.org.------------ end snippy ----------- 5 months... This is full disclosure?
Maybe that date is really June 1, 2003, since many countries list the month second, not first. By the way, these DD/MM/YYYY or MM/DD/YYYY formats often make it difficult to quantify how much notice a vendor really had before the issue was published. This has affected the accuracy of my past aborted attempts to figure out how long vendors *really* take to fix issues, and it may hamper any future attempts. Using formats like YYYY/MM/DD or "Month DD, YYYY" generally seems to address the confusion. - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- mnogosearch 3.1.20 and 3.2.10 buffer overflow pokleyzz (Jun 10)
- Re: mnogosearch 3.1.20 and 3.2.10 buffer overflow morning_wood (Jun 10)
- Re: mnogosearch 3.1.20 and 3.2.10 buffer overflow John Cartwright (Jun 10)
- Re: mnogosearch 3.1.20 and 3.2.10 buffer overflow Larry W. Cashdollar (Jun 10)
- <Possible follow-ups>
- Re: mnogosearch 3.1.20 and 3.2.10 buffer overflow Steven M. Christey (Jun 10)
- (offtopic) datestamp formats and timezones Justin (Jun 10)
- Re: mnogosearch 3.1.20 and 3.2.10 buffer overflow morning_wood (Jun 10)