Full Disclosure mailing list archives
Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability
From: Matt Zimmerman <mdz () debian org>
Date: Tue, 1 Jun 2004 16:59:42 -0700
On Wed, Jun 02, 2004 at 01:49:01AM +0200, Roman Medina wrote:
In other words, many vendors/developers silently fixes bugs and they don't necesarily have to know who is packaging their software and inform them.
Such vendors/developers are doing a their users and the community a disservice. Proper public disclosure of vulnerabilities requires very little effort on their part; there is no good reason to conceal information this way. There is no need to contact every downstream vendor directly; they monitor the usual channels. -- - mdz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability Lupe Christoph (Jun 01)
- Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability Roman Medina (Jun 01)
- Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability Matt Zimmerman (Jun 01)
- Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability Cory Donnelly (Jun 02)
- Re: Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability Roman Medina (Jun 02)
- Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability Matt Zimmerman (Jun 01)
- Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability Roman Medina (Jun 01)