On 1/26/06, Rob W <[EMAIL PROTECTED]> wrote: > Maybe it is a minor issue but where is the limit for when a security > announce and a patch is made available?
do you know what the preconditions necessary for exploit are? do you know the consequences of the bug? > <quote> > I got a "vendor confirmed" alert for this issue from Symantec's > DeepSight. It points to the CVS tree but also the errata page. I went > to look at the errata and couldn't find anything. > > So it's important enough to tell Symantec about it but not to put on > the errata page. I guess that I just don't understand what goes on the > errata.html. nobody told symantec. anyway, of course they list it. that way they can say "our vuln db has 88,400 entries, and secunia only has 88,295, and iss only has 87,957, so we're better." besides the fact that it's some dude's job to make those entries, and at the end of the week when his boss asks how many he added, the more the merrier.
