tech-security: Re: CERT Advisory CA-2002-12 Format String Vulnerability in ISC

Subject: Re: CERT Advisory CA-2002-12 Format String Vulnerability in ISC
To: None <tech-security@netbsd.org>
From: None <sen_ml@eccosys.com>
List: tech-security
Date: 05/09/2002 12:36:24

Hi,

From: Paul Hoffman <phoffman@proper.com>
Subject: Re: Fwd: CERT Advisory CA-2002-12 Format String Vulnerability in ISC DHCPD
Date: Wed, 8 May 2002 20:30:42 -0700

> >Just because a syslog formatting was improved doesn't mean that a security
> >issue was fixed. Probably the vulnerability wasn't even known.
> 
> Sorry, I can't parse that. 

I read that as:

  "Some syslog formatting was improved -- not particularly thinking
   of whether the change had anything to do w/ security.  It just so
   happens that in this particular case this fixed a security problem --
   one that wasn't known by the person doing the fixing at the time."