
Moving ahead




We have disagreement on a few issues; I'll suggest that Steve put
those forth one at a time for consideration.  I'll also say that to do 
a proper review job, the list was too long; I didn't start it several
times because I wanted to go through it in one go, and thus my
response was delayed.

In addition, I want to raise three more, now that I've finished
looking into them.

CAN-1999-0014 we have insufficient data if a new CDE dtappgather bug
comes out to determine if it's new or a re-invention. (REJECT)

CAN-1999-0032 the mention of (lp) is misleading.  The problem was with 
the BSD lpr family, not the SYSV lp family.  (MODIFY)

CAN-1999-0099 the problem was demonstrated publicly through sendmail;
there is no reason to expect it could not be used through another
program.  Suggest phrasing:  "A buffer overflow in syslog which was
demonstrably exploitable via sendmail."  (MODIFY)

Page Last Updated or Reviewed: May 22, 2007