Date: Tue, 27 Jan 2015 17:45:17 -0800
From: Qualys Security Advisory <qsa@...lys.com>
To: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

On Tue, Jan 27, 2015 at 08:45:12PM +0300, Solar Designer wrote:
> He found out that apparently the ghost image appeared on the Qualys
> website on October 2.

What?! No idea where this image came from, who created it, or why, or when. What is absolutely certain is that October 2 has nothing to do with this bug, simply because the first time someone here had the idea of calling it "GHOST" was on Friday evening! Yes, Friday, January 23, 2015!

> The GHOST name was not yet in the (almost final) advisory draft sent to
> the linux-distros list on January 18, nor was there any other name for
> this vulnerability in there.

Exactly, thank you! And if some of you conspiracy theorists need more proof, even SuSE's Bugzilla entry is still referencing the original name of our proof-of-concept (charged-ghbn.c), which appeared in the advisory draft we sent to the linux-distros mailing-list last week:

https://bugzilla.suse.com/show_bug.cgi?id=913646

In the end, some information was leaked before the Coordinated Release Date (which was January 27, 2015 at 18:00 UTC), but it was just a few hours early. And again, we sincerely apologize.

Please please please, less pointless bickering, more code auditing.

Thank you.

--
the "technical folks"