oss-security - Re: Qualys Security Advisory - CVE-2015-3245 userhelper

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <87h9oud89s.fsf@lysator.liu.se>
Date: Thu, 23 Jul 2015 20:43:43 +0200
From: Leif Nixon <nixon@...ator.liu.se>
To: Qualys Security Advisory <qsa@...lys.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser

Qualys Security Advisory <qsa@...lys.com> writes:

> Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for
> CVE-2015-3245 and CVE-2015-3246.  Please find our advisory below, and
> our exploit attached.

*Why* are you releasing a full exploit just minutes after the patch is
released?

(Disclosure: I am employed by Red Hat, but this is my purely personal question.)

-- 
Leif Nixon
------------------------------------------------------------------------------
"supercomputer specialists are charming, polite [and] witty" -- Wired Magazine
------------------------------------------------------------------------------

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.