[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] iDEFENSE Security Advisory 08.16.04: CVS Undocumented Flag Information Disclosure Vulnerability
- To: customerservice@xxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] iDEFENSE Security Advisory 08.16.04: CVS Undocumented Flag Information Disclosure Vulnerability
- From: Stefan Esser <s.esser@xxxxxxxxxxxx>
- Date: Mon, 16 Aug 2004 21:02:57 +0200
Hi iDEFENSE,
> This issue was patched in the latest (June 9th) releases of CVS,
> specifically 1.11.17 & 1.12.9.
well guess WHY it was fixed... maybe because it was found and
reported by Sebastian Krahmer back ub May?
> VIII. CREDIT
>
> An anonymous contributor is credited with discovering this
> vulnerability.
...
> Get paid for vulnerability research
The bug was officially fixed with the last releases because it was
already found at that time by Sebastian Krahmer. So I suggest that you
ask him for his bank account.
It is quite funny that this is the 3rd (or maybe 4th) incident I know
off, where you pay people for vulnerabilities that were already found
and reported by others.
Stefan Esser
--
--------------------------------------------------------------------------
Stefan Esser s.esser@xxxxxxxxxxxx
e-matters Security http://security.e-matters.de/
GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69
Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0 7704 CF6C AE69
--------------------------------------------------------------------------
Did I help you? Consider a gift: http://wishlist.suspekt.org/
--------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html