Date: Fri, 30 Jan 2015 01:22:23 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

On Fri, 30 Jan 2015 03:14:10 +0300
Solar Designer <solar@...nwall.com> wrote:

> > because I felt waiting for them stops me from reporting more issues.
>
> Huh?! IMO, no one should ever wait for a CVE before reporting an
> issue!

Okay, maybe this was prone to misinterpretation. I thought it more like
"If I try to track all the issues where I have requested CVEs and check
whether I really got them or whether I should ask again I'd lose time I
could better use to fuzz the next library."

I don't remember actively delaying reporting or publication of a vuln
due to lack of CVEs.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42