Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Jan 2015 01:22:23 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc
 (CVE-2015-0235)

On Fri, 30 Jan 2015 03:14:10 +0300
Solar Designer <solar@...nwall.com> wrote:

> > because I felt waiting for them stops me from reporting more issues.
> 
> Huh?!  IMO, no one should ever wait for a CVE before reporting an
> issue!

Okay, maybe this was prone to misinterpretation.

I thought it more like "If I try to track all the issues where I have
requested CVEs and check whether I really got them or whether I should
ask again I'd loose time I could better use to fuzz the next library."
I don't remember actively delaying reporting or publication of a vuln
due to lack of CVEs.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.