oss-sec mailing list archives
Re: CVE-2016-9963 Exim private information leak
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 22 Dec 2016 06:42:43 -0500
On Thu, Dec 22, 2016 at 6:28 AM, Heiko Schlittermann <hs () schlittermann de> wrote:
Jeffrey Walton <noloader () gmail com> (Do 22 Dez 2016 12:06:41 CET): …The bad guys already knew about the problem, or the motivated ones found it after the partial disclosure.Partial disclousure? I think, there was no disclosure at all, beside requesting a CVE and talking about a possible leak of private information. Is this enough to call it "partial disclousure"?
All they need is a toehold. When the rumors started circulating about CRIME, a number of folks figured out the attack before Duong and Rizzo presented it. Jeff
Current thread:
- CVE Request - Exim 4.69-4.87 - disclosure of private information Heiko Schlittermann (Dec 15)
- Re: CVE Request - Exim 4.69-4.87 - disclosure of private information cve-assign (Dec 15)
- CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 18)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 20)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 18)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Kurt Seifried (Dec 22)
- Re: CVE Request - Exim 4.69-4.87 - disclosure of private information cve-assign (Dec 15)
- Re: CVE-2016-9963 Exim private information leak Johannes Segitz (Dec 22)
- CVE-2016-9963 | Exim 4.87.1 released (Was: CVE Request - Exim 4.69-4.87) - disclosure of private information) Heiko Schlittermann (Dec 25)