From a friend who shall remain nameless, lest he get flamed to oblivion. I think this speaks for itself. Physician, heal thyself.
Eric Raymond coined the term "Many eyes make all bugs shallow". He has an open source product, Fetchmail. In the last six months there have been at least four serious buffer overruns in the product:

| Oldest affected version | Release date | Vuln date | Days til found | CVE Number | Short comment |
| --- | --- | --- | --- | --- | --- |
| 5.3 | 2/22/20 | 10/11/02 | 962 | CAN-2002-1174 | long headers |
| 5.3 | 2/22/00 | 10/11/02 | 962 | CAN-2002-1175 | DNS records |
| 5.9 | 8/13/01 | 12/23/02 | 497 | CAN-2002-1365 | "@"s in local addresses |
| 2.5 | 12/23/96 | 6/25/02 | 2010 | CAN-2002-0146 | Message limits |
Note, the version release date comes from ESR's news page.
Posted by Paul at February 17, 2003 12:44 PM