In [log in to unmask]> Mark Bixby <[log in to unmask]> writes:
> That is all the detail given; sort of like hearing that your car has been
> recalled without knowing what the exact defect is. ;-)
[snip]
> I think the designated person(s) on an HP support contract should be able to
> go through their local SE (who knows them personally, one would hope!) to
> obtain technical details about security issues like this.
>
> Comments? Would anybody who does know about these bugs care to e-mail me the
> technical details strictly off the record and not for redistribution?
I'd also like to know the details. I *am* glad they didn't publish the
details in the letters or e-mail they sent out, but it would be nice to have
a means for those in a position to have to make the decisions about the
severity of the vulnerability in our environments, and whether the efforts
required to patch them are warranted, to get a little more details.
I would like to applaud HP's approach to this problem. After the flak they've
taken in the past over the installed base not being notified of potential
problems, it seems someone was listening. Well done.
-Chris Bartram