I find it funny you are the one to complain about too many advisories when you spam the list with sprintf and strcpy bugs you grepped for in random applications everyday<br><br><div class="gmail_quote">On Tue, Apr 15, 2008 at 9:20 AM, Luigi Auriemma <<a href="mailto:aluigi@autistici.org">aluigi@autistici.org</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">> Autonomy Keyview Folio Flat File Parsing Buffer Overflows<br>
> Autonomy Keyview Applix Graphics Parsing Vulnerabilities<br>
> Autonomy Keyview EML Reader Buffer Overflows<br>
> activePDF DocConverter Folio Flat File Parsing Buffer Overflows<br>
> activePDF DocConverter Applix Graphics Parsing Vulnerabilities<br>
> Lotus Notes Applix Graphics Parsing Vulnerabilities<br>
<div class="Ih2E3d">> Lotus Notes Folio Flat File Parsing Buffer Overflows<br>
</div>> Lotus Notes EML Reader Buffer Overflows<br>
> Lotus Notes kvdocve.dll Path Processing Buffer Overflow<br>
> Lotus Notes htmsr.dll Buffer Overflows<br>
> Symantec Mail Security Folio Flat File Parsing Buffer Overflows<br>
> Symantec Mail Security Applix Graphics Parsing Vulnerabilities<br>
<br>
12 mails for the same library?<br>
<br>
>From what I have understood all the bugs are just in this Autonomy<br>
Keyview library so in my opinion reporting the same identical bugs in<br>
each software which uses this thirdy part component and additionally<br>
without saying that the problem in reality is in the library is wrong<br>
and leads to a lot of confusion.<br>
<br>
It's just like if someone finds a bug in zlib and releases 10000<br>
advisories, one for each program in the world which uses the library...<br>
the bug is not in these 10000 programs but only in zlib.<br>
<br>
<br>
---<br>
<font color="#888888">Luigi Auriemma<br>
<a href="http://aluigi.org" target="_blank">http://aluigi.org</a><br>
</font><div><div></div><div class="Wj3C7c"><br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</div></div></blockquote></div><br>