From owner-freebsd-security@FreeBSD.ORG Wed Feb 11 23:12:32 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C8F516A4CE; Wed, 11 Feb 2004 23:12:32 -0800 (PST) Received: from pear.silverwraith.com (66-214-182-79.la-cbi.charterpipeline.net [66.214.182.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64CF843D1D; Wed, 11 Feb 2004 23:12:32 -0800 (PST) (envelope-from lists-freebsd@silverwraith.com) Received: from avleen by pear.silverwraith.com with local (Exim 4.30; FreeBSD) id 1ArB1T-000KK5-3o; Wed, 11 Feb 2004 23:12:31 -0800 Date: Wed, 11 Feb 2004 23:12:31 -0800 From: Avleen Vig To: Robert Watson Message-ID: <20040212071230.GI54091@silverwraith.com> References: <6.0.3.0.0.20040210154335.04a3c9f8@209.112.4.2> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.5.1i cc: freebsd-security@freebsd.org Subject: Re: Longest known unpatched FreeBSD security issue ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2004 07:12:32 -0000 On Wed, Feb 11, 2004 at 11:41:56AM -0500, Robert Watson wrote: > (2) The problem is brought to our attention in a manner which requires > coordination with other vendors providing the software or component -- > this can introduce additional delays in the advisory cycle. In the > past, we've seen coordination delays of up to (or maybe exceeding) a > month. For example, CERT will aften schedule advisory releases three > weeks or more past initial notification. I seem to recall one IP > stack issue across many vendors that actually tooks several months to > resolve. Just out of curiousity Robert, which IP stack issue was this?