Bugtraq mailing list archives

Re: [linux-security] [RHSA-1999:023-01] Potential security problem in gnumeric 0.23


From: davids () WEBMASTER COM (David Schwartz)
Date: Fri, 30 Jul 1999 08:35:44 -0700


Give people a chance to upgrade Gnumeric and I will happily share the
information with bugtraq (if someone does not read the 10 diffs in the
meantime).

      I understand your intentions, but I don't think they make
any sense.

I do not understand what you mean.  Why do you say it does not make
sense to try (only try) to protect users by not disclosing the
information now?

        Because the way you have left things, only those most strongly motivated to
determine the exploit will know it. Those most strongly motivated to
determine it are those who would exploit it. And you've left the users in
the dark.

You can trust me in the meantime.  Hey, if you are running Gnumeric
currently you are already trusting me ;-)

        It's not a matter of trusting you. It's a matter of having sufficient
information to determine whether this exploit warrants an immediate upgrade.

I will disclose all information after people have had a chance to
upgrade their Gnumerics.

        Yes, but those who wish to exploit the defect will already know it. You've
given the bad guys a lead on the good guys.

        DS

