[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] full disclosure?

If posting to CVE and NVD handlers at the same time it's a good advice to use 
BCC...

Juha-Matti

sunjester [tripmonster@xxxxxxxxx] wrote: 
> this is in regards to...
> 
> Message: 1
> > Date: Mon, 27 Apr 2009 16:39:32 +0200
> > From: Thierry Zoller <Thierry@xxxxxxxxx>
> > Subject: [Full-disclosure] [TZO-13-2009] Avira Antivir generic CAB
> >        evasion /       bypass
> > To: NTBUGTRAQ <NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx>,       bugtraq
> >        <bugtraq@xxxxxxxxxxxxxxxxx>,    full-disclosure
> >        <full-disclosure@xxxxxxxxxxxxxxxxx>, <info@xxxxxxxxxxxxx>,
> >        <vuln@xxxxxxxxxxx>, <cert@xxxxxxxx>, <nvd@xxxxxxxx>, <cve@xxxxxxxxx
> > >
> > Message-ID: <564846161.20090427163932@xxxxxxxxx>
> > Content-Type: text/plain; charset=iso-8859-15
> >
> > ______________________________________________________________________
> >
> >  From the low-hanging-fruit-department - Avira antivir bypass/evasion
> > ______________________________________________________________________
> >
> > Release mode: Coordinated but limited disclosure.
> > Ref         : TZO-132009 - Avira Antivir evasion CAB
> > WWW         :
> > http://blog.zoller.lu/2009/04/avira-antivir-generic-cab-bypass.html
> > Vendor      : http://www.avira.com
> > Status      : Patched
> > Security notification reaction rating : Good
> > Notification to patch window : 7 days (Eastern holidays in between)
> >
> > Disclosure Policy :
> > http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
> >
> 
> there is no disclosure at all for this? am i missing the meaning of "full
> disclosure" ?
> 
> -- 
> Lerie Taylor
> Lead Developer, Skin Care Heaven
> http://www.skincareheaven.com/
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/