Date: Fri, 18 Sep 2009 17:39:27 -0400
From: Michael Powell <nightrecon@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Message-ID: <h90ul5$rmt$1@ger.gmane.org>
References: <4AAF4927.3070203@frasunek.com>

Przemyslaw Frasunek wrote:
> Giorgos Keramidas wrote:
>> Przemyslaw should email security-officer with any details he thinks are
>> relevant. Then the security team will make sure to fix the bug for all
>> affected releases of FreeBSD, release a patch with the fix, issue an
>> advisory through the usual channels, and post the details online at our
>> security information web pages at <http://www.FreeBSD.org/security/>.
>
> I see that I received a lot of criticism after disclosing the 6.4
> vulnerability. Please read some facts:
>
> I sent a few mails: on 29th Aug to security team, on 2nd Sep and 11th Sep
> directly to security officer. None of them were responded to. I haven't
> filed any PRs, because it would disclose details of the vulnerability to
> the public and allow blackhats to exploit it.
>
> I won't publish anything more than the video, before the official security
> advisory. The exploit is private to me and it won't be given to the
> "community".
>
> Michael Powell wrote:
>> Quoted from ~freebsd.security.general:
>> "The bug was fixed in 6.1-STABLE, just before release of 6.2-RELEASE, but
>> was not recognized as security vulnerability."
>
> This is another bug. The former one affected only 6.1, this one affects
> everything up to 6.4-STABLE.
>

Please allow me to express my appreciation for your efforts in this matter.
Your work will only improve FreeBSD and I would like to thank you kindly for
that.

I apologize if any, or all, of my comments appeared critical of your work. I
was trying to express criticism of the writer whose only imperative was to
generate a sensationalist headline.

-Mike