|
Message-ID: <20150130012223.5c193004@pc>
Date: Fri, 30 Jan 2015 01:22:23 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc
(CVE-2015-0235)
On Fri, 30 Jan 2015 03:14:10 +0300
Solar Designer <solar@...nwall.com> wrote:
> > because I felt waiting for them stops me from reporting more issues.
>
> Huh?! IMO, no one should ever wait for a CVE before reporting an
> issue!
Okay, maybe this was prone to misinterpretation.
I thought it more like "If I try to track all the issues where I have
requested CVEs and check whether I really got them or whether I should
ask again I'd loose time I could better use to fuzz the next library."
I don't remember actively delaying reporting or publication of a vuln
due to lack of CVEs.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.