From owner-freebsd-security Sat Mar 24 1:50:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from empty1.ekahuna.com (empty1.ekahuna.com [205.178.102.196]) by hub.freebsd.org (Postfix) with ESMTP id B85F237B719 for ; Sat, 24 Mar 2001 01:50:48 -0800 (PST) (envelope-from pjklist@ekahuna.com) Received: from pc-02 (pc02.ekahuna.com [205.178.102.197]) by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35) with ESMTP id com; Sat, 24 Mar 2001 01:50:47 -0800 From: "Philip J. Koenig" Organization: The Electric Kahuna Organization To: Kris Kennaway Date: Sat, 24 Mar 2001 01:50:48 -0800 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Delayed security advisories Reply-To: pjklist@ekahuna.com Cc: security@FreeBSD.ORG Message-ID: <3ABBFD78.30833.2EBC336@localhost> In-reply-to: <20010324013900.A32192@xor.obsecurity.org> References: <3ABBE962.21950.29D4882@localhost>; from pjklist@ekahuna.com on Sat, Mar 24, 2001 at 12:25:06AM -0800 X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 24 Mar 2001, at 1:39, Kris Kennaway boldly uttered: > On Sat, Mar 24, 2001 at 12:25:06AM -0800, Philip J. Koenig wrote: > > See message snippet included below. > > > > Can someone tell me why there are security advisories coming out now > > for security vulnerabilities known to have been corrected 3 months > > ago? > > In this instance, we were trying to coordinate with CERT who wanted > vendors to hold off immediately releasing since it affects most UNIX > systems. After 2 1/2 months we hadn't heard anything more about it > (and I had kind of lost track of it in the meantime due to other more > pressing issues). I pinged CERT again, they asked us to delay another > week while they got back to it, 1 1/2 weeks later we still had heard > nothing so we just released it. > > Hope this clarifies the issue. > > Kris It does indeed - thanks for the info. I have to admit sometimes I wonder whether CERT is more of a hindrance than a help. Well at least they aren't unwittingly distributing viruses and causing DoS attacks from code distributed on their mailing list like Bugtraq. :-) Phil -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message