Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
From: Florian Weimer (fwdeneb.enyo.de)
Date: Thu Mar 18 2004 - 03:31:36 CST
Todd Burroughs wrote:
> I know that other major software companies use OpenSSL in their products;
> the "free/open source" software community responds very quickly, much
> faster than any commercial vendor (I noticed that Cisco released
> a patch). This is proof, same day fix vs. fix in a few months.
openssl (0.9.6c-2.woody.5) stable-security; urgency=high
* Non-maintainer upload by the Security Team
* Apply upstream patch to fix NULL pointer dereference in
-- Matt Zimmerman <mdzdebian.org> Fri, 27 Feb 2004 09:16:45 -0800
This can hardly be considered a "same day fix".
We don't even know how many weeks this bug was in circulation in the
vendor community before that date.
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.
Full-Disclosure - We believe in it.