[pLog-svn] Fwd: Vulnerabilities in Lifetype

Alexander Kaiser alex at poolie.de
Sun Nov 26 21:24:00 GMT 2006


Ehm, he just sent you these two URLs?
I don't know what he's up to.

On 11/26/06, Oscar Renalias <oscar at renalias.net> wrote:
>
> What do you make out of this? Does anybody think that this is a
> "vulnerability"? Can we come up with similar examples from other
> applications?
>
> Begin forwarded message:
>
> > From: "Jesper Jurcenoks" <jesper.jurcenoks at netvigilance.com>
> > Date: 26 November 2006 22:51:27 GMT+02:00
> > To: "Oscar Renalias" <oscar at renalias.net>
> > Cc: <contact at lifetype.net>
> > Subject: RE: Vulnerabilities in Lifetype
> >
> > Hi Oscar.
> >
> > Here are some live examples of the vulnerability
> >
> > http://www.lifetype.net/class/bootstrap.php
> > http://www.lifetype.net/class/security/bayesianfilter.class.php
> >
> > JJ
> >
> > -----Original Message-----
> > From: Jesper Jurcenoks
> > Sent: Sunday, November 26, 2006 12:46 PM
> > To: 'Oscar Renalias'
> > Cc: contact at lifetype.net
> > Subject: RE: Vulnerabilities in Lifetype
> >
> >  Here is the draft Advisory.
> >
> > I will not get CVE ID and osvdb id until tomorrow.
> >
> > JJ
> >
> > -----Original Message-----
> > From: Oscar Renalias [mailto:oscar at renalias.net]
> > Sent: Sunday, November 26, 2006 11:48 AM
> > To: Jesper Jurcenoks
> > Cc: contact at lifetype.net
> > Subject: Re: Vulnerabilities in Lifetype
> >
> > I think your terms are fair enough, I don't see any problem with them.
> >
> > As soon as you provide me with the details of the vulnerability, I
> > will get working on it and keep you posted.
> >
> > Oscar
> >
> > On 26 Nov 2006, at 21:23, Jesper Jurcenoks wrote:
> >
> >> Hi Oscar.
> >>
> >> I have not released the vulnerabilities yet.
> >>
> >> I like to have a link to a patch in the Security Advisory.
> >>
> >> Once the problem has been patched then you will probably make a small
> >> announcement under news stating the problem and the solution, I would
> >> like to get credited for finding the vulnerability on this page.
> >>
> >> I would like to make a link to this news page as well.
> >>
> >> I would also like us to coordinate the release of the patch, your
> >> news blog and the security advisory release so that they are released
> >> at the same time.
> >>
> >> I would love to have you link back to my security advisory in your
> >> news release.
> >>
> >> Can we agree on these terms before I send you the Draft Security
> >> Advisory ?
> >>
> >> Regards
> >>
> >> Jesper Jurcenoks
> >>
> >> -----Original Message-----
> >> From: Oscar Renalias [mailto:oscar at renalias.net]
> >> Sent: Sunday, November 26, 2006 10:54 AM
> >> To: Jesper Jurcenoks
> >> Cc: contact at lifetype.net
> >> Subject: Re: Vulnerabilities in Lifestyle
> >>
> >> Hi,
> >>
> >> could you please send these vulnerabilities to this address? We will
> >> then act accordingly.
> >>
> >> Have you released them to the public in any way yet?
> >>
> >> Regards,
> >>
> >> Oscar Renalias
> >> LifeType Project Leader
> >>
> >> On 26 Nov 2006, at 20:32, Jesper Jurcenoks wrote:
> >>
> >>> Dear Lifestyle
> >>>
> >>>  I have found some vulnerabilities in your software and would like
> >>> to open a dialog with you about this.
> >>>
> >>> Regards
> >>>
> >>> JJ
> >>>
> >>> Jesper "JJ" Jurcenoks
> >>> Co-founder
> >>>
> >>> netVigilance is a leading provider of IT-security software
> >>>
> >>> jesper.jurcenoks at netvigilance.com
> >>>
> >>> Phone: +1 503-524-5758
> >>> Fax: +1 503-214-8612
> >>>
> >>> 17937 SW McEwan Road Suite 250
> >>> Portland, Oregon 97224
> >>>
> >>>
> >>> For more information about netVigilance, visit www.netvigilance.com
> >>>
> >>>
> >>
> >>
> >>
> >
> >
> >
>