oss-security - Re: CVE-2016-9963 Exim private information leak

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <CAH8yC8ne0XPZ5x_Nuazcpjcyc4xKg_fwDydBmMXYDjeADsPYvA@mail.gmail.com>
Date: Thu, 22 Dec 2016 06:06:41 -0500
From: Jeffrey Walton <noloader@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-9963 Exim private information leak

On Thu, Dec 22, 2016 at 5:40 AM, Heiko Schlittermann
<hs@...littermann.de> wrote:
> Kurt H Maier <khm@...ops.net> (Do 22 Dez 2016 01:57:33 CET):
>> On Thu, Dec 22, 2016 at 12:24:09AM +0100, Heiko Schlittermann wrote:
>> >
>> > In case the distros are ready already, we could release on 23rd, but I
>> > need feedbeck from the distros and ack from the other developers.
>> >
>> Please pursue this possibility.
>
> Ok, I asked the distro@vs… list to get clearance. If the major distros
> supporting Exim give their ok, we're prepared to release sooner. Stay
> tuned.

Its probably worth mentioning the only people who are at a
disadvantage now are the good guys and decision makers.

The bad guys already knew about the problem, or the motivated ones
found it after the partial disclosure.

Jeff

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.