Hello, To help clear up any confusion about the Discovery Dates associated with the group of advisories that we are publishing today, I should explain the situation. We are publishing our advisories in groups after each group is approved internally. With the exception of the Microsoft issues, none of the vulnerabilities have been posted or discussed in public forums or lists. The discovery date that we list in the advisories refers to the date on which we discovered the advisory, rather than the date that we made the information public. Since none of these vulnerabilities (except for the Solaris CACHEFSD) have been actively exploited / seen in the wild, we have been patient in working with and waiting for vendors to complete vulnerability validation, and for patches to be developed and posted to vendor sites. We plan to publish more advisories in the near future, and hopefully in a much more timely fashion. Regards, Ken Williams eSecurityOnline Research and Development Team Ken Williams ; CISSP ; Technical Lead ; ken.williamsat_private eSecurityOnline - an eSecurity Venture of Ernst & Young ken.williamsat_private ; www.esecurityonline.com ; 1-877-eSecurity
This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 18:22:01 PDT