Date: Fri, 30 Jan 2015 01:22:23 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

On Fri, 30 Jan 2015 03:14:10 +0300
Solar Designer <solar@...nwall.com> wrote:

> > because I felt waiting for them stops me from reporting more issues.
>
> Huh?! IMO, no one should ever wait for a CVE before reporting an
> issue!

Okay, maybe this was prone to misinterpretation. I thought it more like
"If I try to track all the issues where I have requested CVEs and check
whether I really got them or whether I should ask again I'd lose time I
could better use to fuzz the next library."

I don't remember actively delaying reporting or publication of a vuln
due to lack of CVEs.

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42