Re: IBM TFTP Server for Java vulnerability

• Previous message: nathan r. hruby: "[SEC] Hole in PHPLib 7.2 prepend.php3"
• In reply to: Patrick Medhurst: "IBM TFTP Server for Java vulnerability"
• Next in thread: David Howe: "Re: IBM TFTP Server for Java vulnerability"
• Next in thread: McHugh, Sean: "RE: IBM TFTP Server for Java vulnerability"
• Reply: David Howe: "Re: IBM TFTP Server for Java vulnerability"
• Reply: John Schultz: "Re: IBM TFTP Server for Java vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 20 Jul 2001, Patrick Medhurst wrote:
> The vendor was contacted on 19 June 2001 and responded on 20 June 2001
> as follows:
> "We will take a look at the issue and fix it as soon as possible".
> 
> Further correspondence requesting when a fix will be released has been
> ignored.

Just because a company can't tell you immediately when a bug will be
fixed, you say that you are being ignored and see fit to release an
advisory?  Do you have any idea how easy the problem will be to fix?
Probably not, and I bet IBM would have to do some research first, finding
out what code contains the problem, allocating developers, build
personnel, and QA the fix before even they know when a fix will be out.
Sheesh.

John Schultz
jschultzat_private

• Next message: Marcin Zurakowski: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
• Previous message: nathan r. hruby: "[SEC] Hole in PHPLib 7.2 prepend.php3"
• In reply to: Patrick Medhurst: "IBM TFTP Server for Java vulnerability"
• Next in thread: David Howe: "Re: IBM TFTP Server for Java vulnerability"
• Next in thread: McHugh, Sean: "RE: IBM TFTP Server for Java vulnerability"
• Reply: David Howe: "Re: IBM TFTP Server for Java vulnerability"
• Reply: John Schultz: "Re: IBM TFTP Server for Java vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 09:23:59 PDT