Date: Thu, 22 Dec 2016 06:42:43 -0500 From: Jeffrey Walton <noloader@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-9963 Exim private information leak On Thu, Dec 22, 2016 at 6:28 AM, Heiko Schlittermann <hs@...littermann.de> wrote: > Jeffrey Walton <noloader@...il.com> (Do 22 Dez 2016 12:06:41 CET): > … >> The bad guys already knew about the problem, or the motivated ones >> found it after the partial disclosure. > > Partial disclousure? I think, there was no disclosure at all, beside > requesting a CVE and talking about a possible leak of private > information. Is this enough to call it "partial disclousure"? All they need is a toehold. When the rumors started circulating about CRIME, a number of folks figured out the attack before Duong and Rizzo presented it. Jeff
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ