From owner-freebsd-security  Sat Mar 24  1:39: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-43.dsl.lsan03.pacbell.net [63.207.60.43])
	by hub.freebsd.org (Postfix) with ESMTP id 2798E37B718
	for <security@FreeBSD.ORG>; Sat, 24 Mar 2001 01:39:01 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 3015F66C3B; Sat, 24 Mar 2001 01:39:00 -0800 (PST)
Date: Sat, 24 Mar 2001 01:39:00 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: "Philip J. Koenig" <pjklist@ekahuna.com>
Cc: security@FreeBSD.ORG
Subject: Re: Delayed security advisories
Message-ID: <20010324013900.A32192@xor.obsecurity.org>
References: <bulk.88928.20010323042815@hub.freebsd.org> <3ABBE962.21950.29D4882@localhost>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3ABBE962.21950.29D4882@localhost>; from pjklist@ekahuna.com on Sat, Mar 24, 2001 at 12:25:06AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 24, 2001 at 12:25:06AM -0800, Philip J. Koenig wrote:
> See message snippet included below.
>=20
> Can someone tell me why there are security advisories coming out now=20
> for security vulnerabilities known to have been corrected 3 months=20
> ago?

In this instance, we were trying to coordinate with CERT who wanted
vendors to hold off immediately releasing since it affects most UNIX
systems.  After 2 1/2 months we hadn't heard anything more about it
(and I had kind of lost track of it in the meantime due to other more
pressing issues).  I pinged CERT again, they asked us to delay another
week while they got back to it, 1 1/2 weeks later we still had heard
nothing so we just released it.

Hope this clarifies the issue.

Kris

--9amGYk9869ThD9tj
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6vGszWry0BWjoQKURArp9AJ4pHmGirnqsIvmnn5mNkss85bP5WQCePZUx
AoVanoxPzIAhz5/ro/PwrFo=
=m7qC
-----END PGP SIGNATURE-----

--9amGYk9869ThD9tj--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message