
| Subject: | [Full-Disclosure] [SECUNIA] Regarding Secunia Advisory SA13040 |
|---|---|
| Date: | Wed, 22 Dec 2004 14:47:30 +0100 |
Hi Xavier,

The information in Secunia Advisory SA13040 is based on your own Changelog at Sourceforge.

SA13040:
http://secunia.com/SA13040

On 30th November you wrote to Secunia that this only affected the 1.4 branch. One hour later Secunia updated the advisory to reflect this and you received an answer with a confirmation that we had updated the advisory.

If you spotted any other omissions back then, you could have contacted us again - obviously you didn't.

Additionally, any information listed in product changelogs is considered public knowledge. Naturally, we don't contact vendors before issuing advisories based on information in their own changelogs / release notes.

Also, we are not going to remove this advisory, as it is based on your own information. However, if you have any relevant additional information, we will naturally review it and update the advisory accordingly.

Kind regards,

Thomas Kristensen

On Wed, 2004-12-22 at 14:08, Xavier Beaudouin wrote:
Hello there,
As a maintainer of Caudium Webserver I wish the following things
1- Secunia didn't contact us about this "advisory" you have
certainly googled the bugtracker on sourceforge and made this
advisory without contacting us before, so this is NOT the rules
about security advisory.
2- The Advisory is partially false. You write that it affects Caudium
1.x branch. Since there is only one branch about Caudium this is
really disinformation about our software.
3- Secunia DIDN'T contact us (if you look at the source there is
mailing lists, emails and whatever things to help third party
people to contact us).
4- The "advisory" (and even the latest change logs) say all versions
of Caudium which is false, the ONLY VERSION that has the
bug (because IT IS a bug) is 1.4RC1 not 1.4RC2 or even 1.0.xx /
1.2.xx branch.
5- You didn't TEST by yourself before releasing this advisory, I can
consider that as half-done work...
Because of that, I ask Secunia.com to REMOVE this advisory because all
its contents are false and inaccurate. I really hope that all
of other work of Secunia.com is better than the extract I just saw...
Sincerely Xavier
--
Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects
--
Kind regards,

Thomas Kristensen
CTO

Secunia
Toldbodgade 37B
1253 Copenhagen K
Denmark

Tlf.: +45 7020 5144
Fax: +45 7020 5145

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html