I noticed that as well, but suspected they were notified via more then
one mechanism or had already found the bug internally. I find it funny
that they had the final code ready on the 28th, but still didn't get it
out to the public for another 2 weeks. I suppose they ran it through
one last QA procedure, or they just don't like to deliver things early.
-Eric
-------- Original Message --------
Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary
Buffer Overflow
From: Florian Weimer <fw@xxxxxxxxxxxxx>
To: Secunia Research <remove-vuln@xxxxxxxxxxx>
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Date: 3/25/09 11:42 AM
* Secunia Research:
======================================================================
5) Solution
Update to version 7.1.1, 8.1.4, or 9.1.
======================================================================
6) Time Table
06/03/2009 - Vendor notified.
07/03/2009 - Vendor response.
25/03/2009 - Public disclosure.
Something doesn't add up because the 9.1 binary I've got was created
on February 28th, according to Verisign's time stamping signature in
the Authenticode signature.
--
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434
