[pLog-svn] Fwd: Vulnerabilities in Lifetype

Oscar Renalias oscar at renalias.net
Sun Nov 26 21:02:51 GMT 2006


What do you make out of this? Does anybody think that this is a  
"vulnerability"? Can we come up with similar examples from other  
applications?

Begin forwarded message:

> From: "Jesper Jurcenoks" <jesper.jurcenoks at netvigilance.com>
> Date: 26 November 2006 22:51:27 GMT+02:00
> To: "Oscar Renalias" <oscar at renalias.net>
> Cc: <contact at lifetype.net>
> Subject: RE: Vulnerabilities in Lifetype
>
> Hi Oscar.
>
> Here are some live examples of the vulnerability
>
> http://www.lifetype.net/class/bootstrap.php
> http://www.lifetype.net/class/security/bayesianfilter.class.php
>
> JJ
>
> -----Original Message-----
> From: Jesper Jurcenoks
> Sent: Sunday, November 26, 2006 12:46 PM
> To: 'Oscar Renalias'
> Cc: contact at lifetype.net
> Subject: RE: Vulnerabilities in Lifetype
>
>  Here is the draft Advisory.
>
> I will not get CVE ID and osvdb id until tomorrow.
>
> JJ
>
> -----Original Message-----
> From: Oscar Renalias [mailto:oscar at renalias.net]
> Sent: Sunday, November 26, 2006 11:48 AM
> To: Jesper Jurcenoks
> Cc: contact at lifetype.net
> Subject: Re: Vulnerabilities in Lifetype
>
> I think your terms are fair enough, I don't see any problem with them.
>
> As soon as you provide me with the details of the vulnerability, I
> will get working on it and keep you posted.
>
> Oscar
>
> On 26 Nov 2006, at 21:23, Jesper Jurcenoks wrote:
>
>> Hi Oscar.
>>
>> I have not released the vulnerabilities yet.
>>
>> I like to have a link to a patch in the Security Advisory.
>>
>> Once the problem has been patched then you will probably make a small
>> announcement under news stating the problem and the solution, I would
>> like to get credited for finding the vulnerability on this page.
>>
>> I would like to make a link to this news page as well.
>>
>> I would also like us to coordinate the release of the patch, your news
>> blog and the security advisory release so that they are released at the
>> same time.
>>
>> I would love to have you link back to my security advisory in your news
>> release.
>>
>> Can we agree on these terms before I send you the Draft Security
>> Advisory ?
>>
>> Regards
>>
>> Jesper Jurcenoks
>>
>> -----Original Message-----
>> From: Oscar Renalias [mailto:oscar at renalias.net]
>> Sent: Sunday, November 26, 2006 10:54 AM
>> To: Jesper Jurcenoks
>> Cc: contact at lifetype.net
>> Subject: Re: Vulnerabilities in Lifestyle
>>
>> Hi,
>>
>> could you please send these vulnerabilities to this address? We will
>> then act accordingly.
>>
>> Have you released them to the public in any way yet?
>>
>> Regards,
>>
>> Oscar Renalias
>> LifeType Project Leader
>>
>> On 26 Nov 2006, at 20:32, Jesper Jurcenoks wrote:
>>
>>> Dear Lifestyle
>>>
>>>  I have found some vulnerabilities in your software and would like
>>> to open a dialog with you about this.
>>>
>>> Regards
>>>
>>> JJ
>>>
>>> Jesper "JJ" Jurcenoks
>>> Co-founder
>>>
>>> netVigilance is a leading provider of IT-security software
>>>
>>> jesper.jurcenoks at netvigilance.com
>>>
>>> Phone: +1 503-524-5758
>>> Fax: +1 503-214-8612
>>>
>>> 17937 SW McEwan Road Suite 250
>>> Portland, Oregon 97224
>>>
>>>
>>> For more information about netVigilance, visit www.netvigilance.com
>>>
>>>
>>
>>
>>
>
>
>


