Hi Bj�rn wrote: > as the RS signature was included in XPU 20.9 (released in January) > why was the "official" advisory held back till now?
Presumably to allow folks to patch and release a secured version of Sendmail. X-Force have been slated for pre-announcing vulnerabilities in the past - this time they have waited and all credit for that. There was no real detail in the XPU help file that would help to write an exploit (I would not be surprised if it was deliberately vague), but it is better to have done things this way around. Robert -- Robert Turner GCIA Security Solutions Designer & Analyst BT Secure Business Services T: +44 (0)113 244 5951 F: +44 (0)113 244 5657 [EMAIL PROTECTED] == # include std.disclaimer ===================================== British Telecommunications plc Registered office: 81 Newgate Street London EC1A 7AJ Registered in England no. 1800000 This electronic message contains information from British Telecommunications plc which may be privileged or confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or email (to the numbers or address above) immediately. Activity and use of the British Telecommunications plc E-mail system is monitored to secure its effective operation and for other lawful business purposes. Communications using this system will also be monitored and may be recorded to secure effective operation and for other lawful business purposes. ================================================================= _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
