[Full-Disclosure] Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability
From: Matt Zimmerman <mdz@debian.org>
Date: Tue Jun 01 2004 - 19:59:42 EDT
Date: Tue Jun 01 2004 - 19:59:42 EDT
On Wed, Jun 02, 2004 at 01:49:01AM +0200, Roman Medina wrote:
> In other words, many vendors/developers silently fixes bugs and they don't
> necesarily have to know who is packaging their software and inform them.
Such vendors/developers are doing a their users and the community a
disservice. Proper public disclosure of vulnerabilities requires very
little effort on their part; there is no good reason to conceal information
this way. There is no need to contact every downstream vendor directly;
they monitor the usual channels.
-- - mdz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.htmlReceived on Tue Jun 01 22:11:06 2004
This archive was generated by hypermail 2.1.8 : Tue Jun 01 2004 - 23:01:08 EDT
Custom Search
