Hi iDEFENSE, > This issue was patched in the latest (June 9th) releases of CVS, > specifically 1.11.17 & 1.12.9.
well guess WHY it was fixed... maybe because it was found and reported by Sebastian Krahmer back ub May? > VIII. CREDIT > > An anonymous contributor is credited with discovering this > vulnerability. ... > Get paid for vulnerability research The bug was officially fixed with the last releases because it was already found at that time by Sebastian Krahmer. So I suggest that you ask him for his bank account. It is quite funny that this is the 3rd (or maybe 4th) incident I know off, where you pay people for vulnerabilities that were already found and reported by others. Stefan Esser -- -------------------------------------------------------------------------- Stefan Esser [EMAIL PROTECTED] e-matters Security http://security.e-matters.de/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0 7704 CF6C AE69 -------------------------------------------------------------------------- Did I help you? Consider a gift: http://wishlist.suspekt.org/ -------------------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
