[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Secunia published adviso without respectingrelease date !

To: "<ad@xxxxxxxxxxxx>" <ad@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Secunia published adviso without respectingrelease date !
From: Xavier Beaudouin <kiwi@xxxxxxx>
Date: Thu, 14 Jul 2005 12:59:49 +0200

This is usual with secunia..

I had at "bug" in a beta version of software and they "release" a vulnerability to *all* version of this software without even inform the maintainer (me) of this "pseudo advisory".

My thought with this guys are now : don't even trust them... They push advisory without testing and respect the usual way to inform developper as it should.

My 0,02€
/xavier
Le 13 juil. 05 à 23:45, <ad@xxxxxxxxxxxx> <ad@xxxxxxxxxxxx> a écrit :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Then don't send to Secunia b4 the rls date ! HUH

- -----Message d'origine----- De : full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full- disclosure-bounces@xxxxxxxxxxxxxxxxx] De la part de Eric Romang Envoyé : mardi 12 juillet 2005 21:09 À : support@xxxxxxxxxxx Cc : full-disclosure@xxxxxxxxxxxxxxxxx; Eric Romang Objet : [Full- disclosure] Secunia published adviso without respectingrelease date !


Hello,

This adviso are published on your website, but the patch are not
already ok.
I have contact upstream today, before you release the adviso, so they
could react.

As you  can see in the adviso, the release date was not given !!!!

http://secunia.com/advisories/16040/
http://secunia.com/advisories/16040/
http://secunia.com/advisories/16038/

You release adviso without respect the normal process to publish adviso.

This guy is monitoring my /adviso/ folder.

80.161.200.182

I think this guy is working for you.

So please say to him to respect the normal process in a security
process.

Regards.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2rc2 (MingW32)

iQIVAwUBQtWLU6+LRXunxpxfAQL+1w/+IE947ec5TVHTUox8RC5JCSSAkk+C3GTf
wAvkTzYoN7p0LLgFOGmf0oZUQytxQ1QKjgRSv0WeHM3sh/ZX3E33l6z+1aPwLOsO
asJDVVYHoxJMTbxccO01dM724UvANPvfO68Y3YHOIcZupJQhzuIqIR8u+clUwwpc
M7bToYBMaQbyGKCPuBpVdUqK8DVuXj9Q/+Fz8G+2kvEfM/leGhkOh55AWqcQyyJ0
YMEYFz4pxoR7HnYvMbxh3GLdRda0YhQj12uNw29VacLDmlYJ9JEIp2skfuk/nMM/
CMoVGMHz+HbOhBJTOYoLvqVUcPB9rahXNxgRHas/z8gydFUYzY8IXF5oWlAnw6UQ
XrAYR9EvEJaXFO+FqDAoppEnvfv7NNm+dzs5yZCZM1cKel028Zg95sKkzjoAnqZA
CfVke2I7/0nFX3gnq/Ka54reKKKk0U732zwV1RFqanmaVueCsmoj8IhbL+3Gc1So
fwuhG5uGXskTqVh0qr3FMxXgf9dHDJqzZyTIS2Wi2St8SZzAQSOfIpZ8tuOA4YQO
QK3hIOExKFDzZXSidlZzR0455YQKEyzjuylctWRcZwx51a/E6u1/ZDty/DRgO37S
d4YFiD0za38qE7Etu5nEG1CZIhlU5mroKCqE00ld97eu9rv2tUeYC/aN4W+wnOTm
S6Q77U46E8A=
=VbS3
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Secunia published adviso withoutrespectingrelease date !
  - From: Jerome Athias

References:
- Re: [Full-disclosure] Secunia published adviso without respectingrelease date !
  - From: ad

Prev by Date: [Full-disclosure] [ GLSA 200507-13 ] pam_ldap and nss_ldap: Plain text authentication leak
Next by Date: Re: [Full-disclosure] acct-6.3.2 has a bug!
Previous by thread: Re: [Full-disclosure] Secunia published adviso without respectingrelease date !
Next by thread: Re: [Full-disclosure] Secunia published adviso withoutrespectingrelease date !
Index(es):
- Date
- Thread