Date: Tue, 27 Jan 2015 17:55:55 +0100 From: Pierre Schweitzer <pierre@...ctos.org> To: oss-security@...ts.openwall.com CC: Qualys Security Advisory <qsa@...lys.com> Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, The person behind this anticipated disclosure admitted failing at time management a few messages later. Basically, this was not a volunteered anticipated disclosure. As reference: http://frsag.org/pipermail/frsag/2015-January/005727.html "I'll keep you informed in the next hours. I've sent the bulletin too early. Big fail from me. Stay tuned." With my best regards, On 01/27/2015 05:11 PM, Solar Designer wrote: > On Tue, Jan 27, 2015 at 05:04:58PM +0100, Hanno B??ck wrote: >> Origin seems to be a report from qualys. > > They're about to send the full advisory in here. This was > coordinated disclosure, but unfortunately there are discrepancies > of a few hours. The public disclosure time-of-day was coordinated > too, but clearly was not literally followed by everyone. > > Alexander > - -- Pierre Schweitzer <pierre@...ctos.org> System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUx8MbAAoJEHVFVWw9WFsLaZsQAI00bb6ye2I6QsbsMrfM9zw7 vWs2RVvC31hJb6kfOdancvzbi3j0Th13Be22cJZxNcdxaRTH1hf/njHRXCJDDldV dq19mRrZcU/sJtLqrq66A3QsuD+l9305PU0kzyv9utyZlDA7MlH3+fN0/lsgfQQS r6EJ3VB4t7XzvIyYu6A5vKjEwWDjVEnT283tBbSt/BQ0QLuKeNRDBF/Vag7ipo9v qGBbMUByx3LCfDf8fyldgNWof7jrwq4ov9Yia24ZTcgV8XCMTbMGHavRZRwAVnJj 7Rtn89Z+Wp4rQtiyPDpG+0Lvku+VwxL3qpqhnvNt9ljY8NFr/kfD/TfypsDqcX+j fLlOLkIeBgDRpIBRTW83yzDct5faw+1JCo+3loW+KeVzcaH4MPUbgJR4P21rl6W5 c3P6mLz3uSYUgD5tYmxvLg1gBLbdfs1XqaBsVCk5BS3cqUI/jkYOyh8vXgNFpADS PUgigS4BxLVSeHuQ93rEaSbPmv8nH47IcjlJDjxpc0yXcrparcB9Ltq1Zte2Ko3A GEIuqZPzqIIH+sBXixqHYB1avDD+Eec3myrYQ9JEnkGXD3Tg8G2O4bAe+6m+i+Ez GmFU3Bmz5X3jJn3xP3lcYyh7Ty3lWeNaUn80AelcYSsiF/VmLsPvhoU0I4DBGM3y EinId55H7QqMyQjt79JF =7jhK -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ