Re: not your average security-related article

• From: Ray Stell <stellr@xxxxxxxxxx>
• To: Paul Drake <bdbafh@xxxxxxxxx>
• Date: Wed, 3 May 2006 11:25:12 -0400

On Wed, May 03, 2006 at 10:57:46AM -0400, Paul Drake wrote:
> http://www.computerworld.com/securitytopics/security/holes/story/0,10801,111098,00.html


Recent posts to bugtraq:

Litchfield, 02 May 2006:
"Most recently, Oracle informed us that on the 18th of April 2006 that
Critical Patch Update would be released. This date had been planned for over
a year so why, on that date, were patches not ready for versions 10.2.0.2,
10.1.0.4, 10.1.0.3, 9.2.0.5, 8.1.7.4 and only partial patches for 10.1.0.5?
Further, patches were only available for versions 9.2.0.7, 9.2.0.6 and
10.2.0.1 which means patches are available for only 33% of their supported
versions - what about the poor people running the other 66%?

Kornbrust, 02 May 2006:
"2 weeks ago I found a way to bypass dbms_assert in many cases.
Oracle is already informed. This means that many Oracle packages are
vulnerable again and the bugfixes against SQL Injection are often
useless."
--
//www.freelists.org/webpage/oracle-l

• References:
  • not your average security-related article
    • From: Paul Drake

Other related posts:

• » not your average security-related article
• » Re: not your average security-related article

1. Home
2. oracle-l
3. Archive
4. 05-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---