Closed GoogleCodeExporter closed 9 years ago
Original comment by mjurc...@google.com
on 30 Oct 2014 at 1:54
Attachments:
Original comment by mjurc...@google.com
on 30 Oct 2014 at 5:22
Original comment by mjurc...@google.com
on 31 Oct 2014 at 10:19
Original comment by mjurc...@google.com
on 10 Dec 2014 at 12:57
The vendor communication timeline is as follows:
10/30/14 Vulnerability is reported to Adobe PSIRT.
10/31/14 Adobe PSIRT confirms reception of the reports and assigns internal
case ID (PSIRT-3109).
12/05/14 Adobe PSIRT informs us that the vulnerability would be fixed in next
Tuesday's Acrobat and Reader security bulletins, and assigns CVE-2014-9160 for
the issue.
12/08/14 Adobe PSIRT sends and update claiming that the issue is fixed for
Windows, but the vendor has been unable to introduce a fix in the update for
Mac, so the case is kept open until an update is released for Mac.
01/27/15 We send a heads-up to Adobe that the 90 day deadline elapses on the
next day and we will remove the view restriction.
We have reproduced the crash on a fully updated Adobe Reader for Mac. We are
currently not aware of any mitigations for the vulnerability.
Original comment by mjurc...@google.com
on 27 Jan 2015 at 9:45
Deadline exceeded - automatically derestricting
Original comment by mjurc...@google.com
on 29 Jan 2015 at 12:10
Original comment by cev...@google.com
on 9 Feb 2015 at 3:33
[deleted comment]
https://helpx.adobe.com/security/products/reader/apsb15-10.html
Original comment by cev...@google.com
on 12 May 2015 at 6:18
Original issue reported on code.google.com by
mjurc...@google.com
on 30 Oct 2014 at 1:52