Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 23 Sep 2017 09:20:50 -0700
From: Kurt H Maier <khm@...ops.net>
To: oss-security@...ts.openwall.com
Subject: Re: Why send bugs embargoed to distros?

On Sat, Sep 23, 2017 at 01:44:18PM +0200, Hanno Böck wrote:
> If I can trust Red Hat's CVE tracker [3] there still are no fixed
> packages available. Also I haven't found any info about updated
> opensuse packages.

This is standard operating procedure for Red Hat, at least.  Generally
days or even weeks pass before patches are released.   If you're an
"Extended Update Support" customer you can expect months to go by.  If
you're super lucky you'll get a systemtap script to play with, but that
generally requires a kernel RCE.


khm

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ