Wow, you pay about as much attention as microsoft does. That 93 is "days
overdue", 153 days after it was reported to that cluster of
incompetents. It really should read about 150 days overdue, someone
apparently felt it was reasonable to take 2 months to release a patch?
Besides, thats just the stuff that eeye notified them of, and doesn't
take into account reports from everyone else they pretend isn't a
problem until it makes headlines on CNN.
On Tue, 2004-02-10 at 21:14, Les Ault wrote:
> Apparently there are 7 upcoming advisories, and the oldest one is 93
> days old.
>
> Link: http://www.eeye.com/html/Research/Upcoming/index.html
>
> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Richard M.
> Smith
> Sent: Tuesday, February 10, 2004 9:41 PM
> To: full-disclosure@lists.netsys.com
> Subject: RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length
> Overflow Heap Corruption
>
> Hi Marc,
>
> >>> Date Reported: July 25, 2003
>
> Given that it took Microsoft almost 6 months to fix this problem, I'm
> wondering how many other Eeye security holes are in the queue that
> Microsoft
> is currently working on. Enquiring minds would like to know! ;-)
>
> Richard
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Scott Taylor - <scott@BerthoudWireless.net>
"Nature abhors a Vacuum"
-- Brian Behlendorf on OSS (Open Sources, 1999 O'Reilly and Associates)
Attachment:
signature.asc
Description: This is a digitally signed message part