Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Dec 2016 06:42:43 -0500
From: Jeffrey Walton <noloader@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-9963 Exim private information leak

On Thu, Dec 22, 2016 at 6:28 AM, Heiko Schlittermann
<hs@...littermann.de> wrote:
> Jeffrey Walton <noloader@...il.com> (Do 22 Dez 2016 12:06:41 CET):
> …
>> The bad guys already knew about the problem, or the motivated ones
>> found it after the partial disclosure.
>
> Partial disclousure? I think, there was no disclosure at all, beside
> requesting a CVE and talking about a possible leak of private
> information. Is this enough to call it "partial disclousure"?

All they need is a toehold. When the rumors started circulating about
CRIME, a number of folks figured out the attack before Duong and Rizzo
presented it.

Jeff

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ