[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
I noticed that as well, but suspected they were notified via more then
one mechanism or had already found the bug internally. I find it funny
that they had the final code ready on the 28th, but still didn't get it
out to the public for another 2 weeks. I suppose they ran it through
one last QA procedure, or they just don't like to deliver things early.
-------- Original Message --------
Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary
From: Florian Weimer <fw@xxxxxxxxxxxxx>
To: Secunia Research <remove-vuln@xxxxxxxxxxx>
Date: 3/25/09 11:42 AM
* Secunia Research:
Update to version 7.1.1, 8.1.4, or 9.1.
6) Time Table
06/03/2009 - Vendor notified.
07/03/2009 - Vendor response.
25/03/2009 - Public disclosure.
Something doesn't add up because the 9.1 binary I've got was created
on February 28th, according to Verisign's time stamping signature in
the Authenticode signature.
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121