Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow



I noticed that as well, but suspected they were notified via more then one mechanism or had already found the bug internally. I find it funny that they had the final code ready on the 28th, but still didn't get it out to the public for another 2 weeks. I suppose they ran it through one last QA procedure, or they just don't like to deliver things early.

-Eric

-------- Original Message --------
Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
From: Florian Weimer <fw@xxxxxxxxxxxxx>
To: Secunia Research <remove-vuln@xxxxxxxxxxx>
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Date: 3/25/09 11:42 AM
* Secunia Research:

====================================================================== 5) Solution

Update to version 7.1.1, 8.1.4, or 9.1.

====================================================================== 6) Time Table

06/03/2009 - Vendor notified.
07/03/2009 - Vendor response.
25/03/2009 - Public disclosure.

Something doesn't add up because the 9.1 binary I've got was created
on February 28th, according to Verisign's time stamping signature in
the Authenticode signature.

--
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434