Patch Drafting - last week's crop.

I posted towards the end of last month about "Patch Drafting", the practice of releasing your company's patch notices after Microsoft releases theirs, so that the news rags state "Hordes of patches required for Microsoft software", rather than "Hordes of patches required for your software".

This month's patch drafting included:

Adobe:

  • APSB06-15 - Macromedia Contribute Publishing Server local information disclosure
  • APSB06-16 - Breeze 5 Licensed Server Information Disclosure
  • APSB06-17 - ColdFusion MX 7 local privilege escalation

Novell:

  • TID-2974551 - BorderManager 3.8 POST SP4 Security Patch1

I don't think we can count Oracle, who will be releasing their quarterly update tomorrow. Mind you, the announcement that they'd be rating their bugs as to how serious they are, that came ... the day after Patch Tuesday.

Oh, and there's also a flurry of PHP-based application vulnerabilities, too - phpBB, miniBB, etc.

Of course, this is still all far less worrisome than the "security researchers" who wait until just after Patch Tuesday to publicly release their findings of unpatched vulnerabilities.

Published Mon, Oct 16 2006 11:49 by Alun Jones
Filed under:

Leave a Comment

(required) 
(required) 
(optional)
(required) 
If you can't read this number refresh your screen
Enter the numbers above: