Full Disclosure mailing list archives

Re: iDEFENSE Security Advisory 08.16.04: CVS Undocumented Flag Information Disclosure Vulnerability


From: Stefan Esser <s.esser () e-matters de>
Date: Mon, 16 Aug 2004 21:02:57 +0200

Hi iDEFENSE,

> This issue was patched in the latest (June 9th) releases of CVS,
> specifically 1.11.17 & 1.12.9.

Well, guess WHY it was fixed... maybe because it was found and
reported by Sebastian Krahmer back in May?

> VIII. CREDIT
>
> An anonymous contributor is credited with discovering this
> vulnerability.
> ...
> Get paid for vulnerability research

The bug was officially fixed with the last releases because it was
already found at that time by Sebastian Krahmer. So I suggest that you
ask him for his bank account.

It is quite funny that this is the 3rd (or maybe 4th) incident I know
of, where you pay people for vulnerabilities that were already found
and reported by others.

Stefan Esser

-- 

--------------------------------------------------------------------------
 Stefan Esser                                        s.esser () e-matters de
 e-matters Security                         http://security.e-matters.de/

 GPG-Key                gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 
 Key fingerprint       B418 B290 ACC0 C8E5 8292  8B72 D6B0 7704 CF6C AE69
--------------------------------------------------------------------------
 Did I help you? Consider a gift:            http://wishlist.suspekt.org/
--------------------------------------------------------------------------
