Date: Thu, 22 Dec 2016 06:06:41 -0500 From: Jeffrey Walton <noloader@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-9963 Exim private information leak On Thu, Dec 22, 2016 at 5:40 AM, Heiko Schlittermann <hs@...littermann.de> wrote: > Kurt H Maier <khm@...ops.net> (Do 22 Dez 2016 01:57:33 CET): >> On Thu, Dec 22, 2016 at 12:24:09AM +0100, Heiko Schlittermann wrote: >> > >> > In case the distros are ready already, we could release on 23rd, but I >> > need feedbeck from the distros and ack from the other developers. >> > >> Please pursue this possibility. > > Ok, I asked the distro@vs… list to get clearance. If the major distros > supporting Exim give their ok, we're prepared to release sooner. Stay > tuned. Its probably worth mentioning the only people who are at a disadvantage now are the good guys and decision makers. The bad guys already knew about the problem, or the motivated ones found it after the partial disclosure. Jeff
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ