Re: full disclosure?

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

If posting to CVE and NVD handlers at the same time it's a good advice to use BCC...

Juha-Matti

sunjester [tripmonster () gmail com] wrote: 
> this is in regards to...
>
> Message: 1
> > Date: Mon, 27 Apr 2009 16:39:32 +0200
> > From: Thierry Zoller <Thierry () Zoller lu>
> > Subject: [Full-disclosure] [TZO-13-2009] Avira Antivir generic CAB
> >        evasion /       bypass
> > To: NTBUGTRAQ <NTBUGTRAQ () LISTSERV NTBUGTRAQ COM>,       bugtraq
> >        <bugtraq () securityfocus com>,    full-disclosure
> >        <full-disclosure () lists grok org uk>, <info () circl etat lu>,
> >        <vuln () secunia com>, <cert () cert org>, <nvd () nist gov>, <cve () mitre org
> > >
> > Message-ID: <564846161.20090427163932 () Zoller lu>
> > Content-Type: text/plain; charset=iso-8859-15
> >
> > ______________________________________________________________________
> >
> >  From the low-hanging-fruit-department - Avira antivir bypass/evasion
> > ______________________________________________________________________
> >
> > Release mode: Coordinated but limited disclosure.
> > Ref         : TZO-132009 - Avira Antivir evasion CAB
> > WWW         :
> > http://blog.zoller.lu/2009/04/avira-antivir-generic-cab-bypass.html
> > Vendor      : http://www.avira.com
> > Status      : Patched
> > Security notification reaction rating : Good
> > Notification to patch window : 7 days (Eastern holidays in between)
> >
> > Disclosure Policy :
> > http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
>
> there is no disclosure at all for this? am i missing the meaning of "full
> disclosure" ?
>
> -- 
> Lerie Taylor
> Lead Developer, Skin Care Heaven
> http://www.skincareheaven.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/