Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
From: "Eric C. Lukens" <eric.lukens@xxxxxxx>
Date: Wed, 25 Mar 2009 14:20:40 -0500
In-reply-to: <87myb9k10c.fsf@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: University of Northern Iowa
References: <200903250922.n2P9M5l6016676@xxxxxxxxxxxxxx> <87myb9k10c.fsf@xxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.21 (Macintosh/20090302)

I noticed that as well, but suspected they were notified via more thenone mechanism or had already found the bug internally. I find it funnythat they had the final code ready on the 28th, but still didn't get itout to the public for another 2 weeks. I suppose they ran it throughone last QA procedure, or they just don't like to deliver things early.


-Eric

-------- Original Message  --------

Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol DictionaryBuffer Overflow

From: Florian Weimer <fw@xxxxxxxxxxxxx>
To: Secunia Research <remove-vuln@xxxxxxxxxxx>
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Date: 3/25/09 11:42 AM

* Secunia Research:
======================================================================5) Solution
Update to version 7.1.1, 8.1.4, or 9.1.
======================================================================6) Time Table
06/03/2009 - Vendor notified.
07/03/2009 - Vendor response.
25/03/2009 - Public disclosure.
Something doesn't add up because the 9.1 binary I've got was created
on February 28th, according to Verisign's time stamping signature in
the Authenticode signature.


--
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434

Follow-Ups:
- Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
  - From: Vladimir '3APA3A' Dubrovin

References:
- Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
  - From: Secunia Research
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
  - From: Florian Weimer

Prev by Date: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
Next by Date: Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
Previous by thread: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
Next by thread: Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
Index(es):
- Date
- Thread