Date: Sat, 24 Mar 2001 01:39:00 -0800 From: Kris Kennaway <kris@obsecurity.org> To: "Philip J. Koenig" <pjklist@ekahuna.com> Cc: security@FreeBSD.ORG Subject: Re: Delayed security advisories Message-ID: <20010324013900.A32192@xor.obsecurity.org> In-Reply-To: <3ABBE962.21950.29D4882@localhost>; from pjklist@ekahuna.com on Sat, Mar 24, 2001 at 12:25:06AM -0800 References: <bulk.88928.20010323042815@hub.freebsd.org> <3ABBE962.21950.29D4882@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sat, Mar 24, 2001 at 12:25:06AM -0800, Philip J. Koenig wrote: > See message snippet included below. > > Can someone tell me why there are security advisories coming out now > for security vulnerabilities known to have been corrected 3 months > ago? In this instance, we were trying to coordinate with CERT who wanted vendors to hold off immediately releasing since it affects most UNIX systems. After 2 1/2 months we hadn't heard anything more about it (and I had kind of lost track of it in the meantime due to other more pressing issues). I pinged CERT again, they asked us to delay another week while they got back to it, 1 1/2 weeks later we still had heard nothing so we just released it. Hope this clarifies the issue. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6vGszWry0BWjoQKURArp9AJ4pHmGirnqsIvmnn5mNkss85bP5WQCePZUx AoVanoxPzIAhz5/ro/PwrFo= =m7qC -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010324013900.A32192>