Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

security bugs

http://seclists.org/fulldisclosure/2009/Apr/0129.html:
VIII. DISCLOSURE TIMELINE
06/28/2006 - Initial Contact
06/29/2006 - PoC Requested
06/29/2006 - PoC Sent
10/05/2006 - Vendor Status Update
01/24/2007 - Vendor Status Update
02/12/2008 - Vendor Status Update
03/31/2009 - CVE Assigned
04/14/2009 - Coordinated Public Disclosure
That's a loooong time to sit on a bug.
Tags: hacking
Subscribe

  • my very own flash vulnerability

    CVE-2009-0521 was actually me: I was poking around trying to make Flash not crash on Linux Chromium and noticed something wasn't quite right. I had…

  • freetype bugs

    Since we were just talking about font parsing bugs: four more integer overflows in FreeType. Note the reporter (mentioned in the changelogs). Also…

  • dean schools me on assembly

    An old friend was in town the past few weeks and we worked together a bit. His background is in "the hacking scene" so I always learn a ton from him.…

  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 3 comments