Apparently there are 7 upcoming advisories, and the oldest one is 93
days old.
Link: http://www.eeye.com/html/Research/Upcoming/index.html
You forgot to mention that two "93days overdue" 153-days-since-reported vulnerabilities are complete remote root for all server OSes...
I even feel sorry for their customers for this lack of service.
Actually, IIRC, I think that dawdling this long might even be illegal under German law, something I'll have to look up later...
J. Theriault [EMAIL PROTECTED]
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
