Date: Wed, 3 Jul 2019 10:18:12 -0700 From: Gordon Tetlow <gordon@tetlows.org> To: Shawn Webb <shawn.webb@hardenedbsd.org> Cc: grarpamp <grarpamp@gmail.com>, freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: CVE-2019-5599 SACK Slowness (FreeBSD 12 using the RACK TCP Stack) Message-ID: <20190703171812.GM32970@gmail.com> In-Reply-To: <20190619000655.2gde4u5i5ter5exu@mutt-hbsd> References: <CAD2Ti29xZ2Qty8fqgjf_OLvvjODOGyLtWSCzo6xgFB51e-T0ig@mail.gmail.com> <20190618235535.GY32970@gmail.com> <20190619000655.2gde4u5i5ter5exu@mutt-hbsd>
next in thread | previous in thread | raw e-mail | index | archive | help
--TegBI+r9roYdcP94 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sorry for the late response, only so many hours in the day. On Tue, Jun 18, 2019 at 08:06:55PM -0400, Shawn Webb wrote: > It appears that Netflix's advisory (as of this writing) does not > include a timeline of events. Would FreeBSD be able to provide its > event timeline with regards to CVE-2019-5599? I don't generally document a timeline of events from our side. This particular disclosure was a bit unusual as it wasn't external but instead was an internal FreeBSD developer the security team often works with. As such, our process was a bit out of sync with normal (as much as we have a normal with our current processes). All of that said, we got notice in early June, about 10 days before public disclosure. > Were any FreeBSD derivatives given advanced notice? If so, which ones? They were not. I would like to get to a point where we feel we could give some sort of heads up for downstream, but we aren't there yet. Best, Gordon --TegBI+r9roYdcP94 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAABCgB9FiEEuyjUCzYO7pNq7RVv5fe8y6O93fgFAl0c409fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEJC MjhENDBCMzYwRUVFOTM2QUVEMTU2RkU1RjdCQ0NCQTNCRERERjgACgkQ5fe8y6O9 3fgf3AgAmWoZy3EXl/ROMzh2xg8e+63ZqyA8Ugvk/sp/moH7YbAUo6IbrpdWeqMS ExyKeGJ1s5x2aizvUJCDlzSfh2xf/NIEDd6962U3r2leSC66LWR7rZrNkpxgxIfZ TST4rFb03aO1DhtQRMA4hZYo/VFW9w7sQOqJIxRjimq2rRrs2bB+d3QoE7EM2GGi /H9Y8QxGAEE9+kmSsDqlP5KHTTOWjkxEGHeQl1h+kLkm08AVS24z1k1MWvLNYoUK bXB3O4Kdq4iSneGhD43YKA1RXiw07mltib5VVKNHDDuyS+aUXMrq/Qo+6nMKnOtU 1GzNbaezukSHbf7DYoaH2BuQD9h8Tw== =V7Bz -----END PGP SIGNATURE----- --TegBI+r9roYdcP94--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190703171812.GM32970>