On Wed, Jan 26, 2005 at 11:05:02PM +0000, Steve Kemp wrote:
>
> > KF found my format string bug in gpsd (#292370)! I can't prove
> > it, but I really found that bug too some time ago. I meant to
> > audit the rest of gpsd (bad idea?), but I didn't for some
> > reason, and now he's found it too and made it public. Oh well.
>
> I think that happens a lot. I've sat on a pile for a while
> and had a lot reported before I got round to patching them
> or writing things up. I guess it doesn't matter too much so
> long as they are fixed.
Yea, I agree with Steve, happens a lot. I've had this happen to many of the
/tmp vulnerabilities I pinpointed (but had no time to report yet) when the
Trustix Audit team reported them.
I also agree that the goal is to have this found and fixed. It doesn't
really matter to me (too much) if somebody else found it or I'm credited
for it.
Regards
Javier