Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Jul 2015 19:37:41 +0200
From: Stephan Wiesand <stephan.wiesand@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser


On Jul 23, 2015, at 20:43 , Leif Nixon wrote:

> Qualys Security Advisory <qsa@...lys.com> writes:
> 
>> Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for
>> CVE-2015-3245 and CVE-2015-3246.  Please find our advisory below, and
>> our exploit attached.
> 
> *Why* are you releasing a full exploit just minutes after the patch is
> released?
> 
> (Disclosure: I am employed by Red Hat, but this is my purely personal question.)

Wild guess: Their customers had plenty of time to understand the issue and its impact, and to roll out either a fix or some mitigation. And thus an edge. Looks like "just business...".

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.