Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Jan 2015 01:22:23 +0100
From: Hanno Böck <>
Subject: Re: GHOST gethostbyname() heap overflow in glibc

On Fri, 30 Jan 2015 03:14:10 +0300
Solar Designer <> wrote:

> > because I felt waiting for them stops me from reporting more issues.
> Huh?!  IMO, no one should ever wait for a CVE before reporting an
> issue!

Okay, maybe this was prone to misinterpretation.

I thought it more like "If I try to track all the issues where I have
requested CVEs and check whether I really got them or whether I should
ask again I'd loose time I could better use to fuzz the next library."
I don't remember actively delaying reporting or publication of a vuln
due to lack of CVEs.

Hanno Böck


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.