Date: Wed, 22 Apr 2015 17:09:48 -0700 From: Tavis Ormandy <taviso@...gle.com> To: oss-security@...ts.openwall.com Subject: Re: USBCreator D-Bus service On Wed, Apr 22, 2015 at 5:04 PM, Solar Designer <solar@...nwall.com> wrote: > Hi Tavis, > > On Wed, Apr 22, 2015 at 04:50:08PM -0700, Tavis Ormandy wrote: >> [as-per previous discussion on the vendors list, skipping closed >> discussion of low-severity issue] > > What "vendors list" do you mean? Do you possibly mean "vendor's" rather > than "vendors" - that is, upstream's list? (I do not recall seeing this > on the linux-distros list.) Actually, I was referring to the discussion on linux-distros about apport and abrt. > Either way, it sounds weird to keep a low severity issue private. Low > severity usually means not needing an embargo in the first place. But I > guess it was the vendor's preference? Sure, I didn't mention it for the benefit of anyone actually working on linux security. I just wanted to be clear this was expected, as unfortunately my posts tend to get undesired attention. Tavis.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ