Dear Eric C. Lukens,

US-CERT note TA09-051A on this issue being exploited in-the-wild was issued on February 20.

http://www.us-cert.gov/cas/techalerts/TA09-051A.html

--Wednesday, March 25, 2009, 10:20:40 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx:

ECL> I noticed that as well, but suspected they were notified via more than
ECL> one mechanism or had already found the bug internally. I find it funny
ECL> that they had the final code ready on the 28th, but still didn't get it
ECL> out to the public for another 2 weeks. I suppose they ran it through
ECL> one last QA procedure, or they just don't like to deliver things early.

ECL> -Eric

ECL> -------- Original Message --------
ECL> Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary
ECL> Buffer Overflow
ECL> From: Florian Weimer <fw@xxxxxxxxxxxxx>
ECL> To: Secunia Research <remove-vuln@xxxxxxxxxxx>
ECL> Cc: bugtraq@xxxxxxxxxxxxxxxxx
ECL> Date: 3/25/09 11:42 AM

>> * Secunia Research:
>>
>>
>>> ======================================================================
>>> 5) Solution
>>>
>>> Update to version 7.1.1, 8.1.4, or 9.1.
>>>
>>> ======================================================================
>>> 6) Time Table
>>>
>>> 06/03/2009 - Vendor notified.
>>> 07/03/2009 - Vendor response.
>>> 25/03/2009 - Public disclosure.
>>>
>>
>> Something doesn't add up because the 9.1 binary I've got was created
>> on February 28th, according to Verisign's time stamping signature in
>> the Authenticode signature.
>>

--
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/