[Full-Disclosure] mnogosearch 3.1.20 and 3.2.10 buffer overflow
Steven M. Christey
coley at mitre.org
Tue Jun 10 18:00:37 BST 2003
>> Vendor has been contacted on 01/06/2003 and fix is available from cvs at
>> http://www.mnogosearch.org.
>>
>------------ end snippy -----------
>
> 5 months... This is full disclosure?

Maybe that date is really June 1, 2003, since many countries list the
month second, not first.

By the way, these DD/MM/YYYY or MM/DD/YYYY formats often make it
difficult to quantify how much notice a vendor really had before the
issue was published. This has affected the accuracy of my past
aborted attempts to figure out how long vendors *really* take to fix
issues, and it may hamper any future attempts.

Using formats like YYYY/MM/DD or "Month DD, YYYY" generally seems to
address the confusion.

- Steve
Full-Disclosure is hosted and sponsored by Secunia.