Full Disclosure mailing list archives

Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory

From: Lisa Thalheim <thalheim () informatik hu-berlin de>
Date: Wed, 29 Aug 2007 12:25:52 +0200

Hi Sergio,

Sergio Alvarez wrote:

I ask for apologies for the mistake.
Unfortunately we can't give more details about the vulnerability because
the German Law (§202)


I beg to differ. The update to 202c is somewhat cryptic and it's still
unclear what its implications will be, although I know lawyers here (==
in .de) who say that the addition introduced is simply redundant.

But whatever your take on this 202c addition is: It really, really,
_really_ doesn't say anything about publishing information concerning
vulnerabilities.

Regards,
Lisa

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory security (Aug 24)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory 3APA3A (Aug 27)
  - Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Sergio Alvarez (Aug 28)
    - Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Kevin Finisterre (lists) (Aug 28)
    - Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Blue Boar (Aug 28)
    - Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Kevin Finisterre (lists) (Aug 28)
    - Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Simon Smith (Aug 29)
    - Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Valdis . Kletnieks (Aug 29)
    - Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Lisa Thalheim (Aug 29)