Full Disclosure mailing list archives
Re: Operating Systems Security, "Microsoft Security, baby steps"
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 18 Mar 2004 10:31:36 +0100
Todd Burroughs wrote:
I know that other major software companies use OpenSSL in their products; the "free/open source" software community responds very quickly, much faster than any commercial vendor (I noticed that Cisco released a patch). This is proof, same day fix vs. fix in a few months.
openssl (0.9.6c-2.woody.5) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to fix NULL pointer dereference in do_change_cipher_spec (CAN-2004-0079) -- Matt Zimmerman <mdz () debian org> Fri, 27 Feb 2004 09:16:45 -0800 This can hardly be considered a "same day fix". We don't even know how many weeks this bug was in circulation in the vendor community before that date. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com, libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, wanadoo.fr, yahoo.com. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Florian Weimer (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Mark J Cox (Mar 18)
- Re: Operating Systems Security, 'Microsoft Security, baby steps' Daniele Muscetta (Mar 18)
- RE: [inbox] Operating Systems Security, "Microsoft Security, baby steps" Curt Purdy (Mar 18)
- <Possible follow-ups>
- RE: Operating Systems Security, "Microsoft Security, baby steps" Schmehl, Paul L (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Luke Scharf (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Nico Golde (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Ben Laurie (Mar 22)
- When do exploits get used? Paul Schmehl (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Florian Weimer (Mar 18)