Date: Sat, 24 Mar 2001 01:50:48 -0800 From: "Philip J. Koenig" <pjklist@ekahuna.com> To: Kris Kennaway <kris@obsecurity.org> Cc: security@FreeBSD.ORG Subject: Re: Delayed security advisories Message-ID: <3ABBFD78.30833.2EBC336@localhost> In-Reply-To: <20010324013900.A32192@xor.obsecurity.org> References: <3ABBE962.21950.29D4882@localhost>; from pjklist@ekahuna.com on Sat, Mar 24, 2001 at 12:25:06AM -0800
next in thread | previous in thread | raw e-mail | index | archive | help
On 24 Mar 2001, at 1:39, Kris Kennaway boldly uttered: > On Sat, Mar 24, 2001 at 12:25:06AM -0800, Philip J. Koenig wrote: > > See message snippet included below. > > > > Can someone tell me why there are security advisories coming out now > > for security vulnerabilities known to have been corrected 3 months > > ago? > > In this instance, we were trying to coordinate with CERT who wanted > vendors to hold off immediately releasing since it affects most UNIX > systems. After 2 1/2 months we hadn't heard anything more about it > (and I had kind of lost track of it in the meantime due to other more > pressing issues). I pinged CERT again, they asked us to delay another > week while they got back to it, 1 1/2 weeks later we still had heard > nothing so we just released it. > > Hope this clarifies the issue. > > Kris It does indeed - thanks for the info. I have to admit sometimes I wonder whether CERT is more of a hindrance than a help. Well at least they aren't unwittingly distributing viruses and causing DoS attacks from code distributed on their mailing list like Bugtraq. :-) Phil -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ABBFD78.30833.2EBC336>