|
Message-ID: <20220526170432.m2o2srztnidk7jyw@yuggoth.org>
Date: Thu, 26 May 2022 17:04:32 +0000
From: Jeremy Stanley <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2022-1729: race condition in Linux perf
subsystem leads to local privilege escalation
On 2022-05-26 18:44:38 +0200 (+0200), Norbert Slusarek wrote:
[...]
> Overall, as a researcher I would prefer having a way just to
> inform distros of a bug, *without* being subject to these
> requirements.
Problem is, at least some of the distribution representatives don't
want to be privy to indefinitely secret information like exploits,
as that's also a liability for them. They're willing to tolerate it
for a brief period, but don't wish to be responsible for keeping
your secret forever.
--
Jeremy Stanley
Download attachment "signature.asc" of type "application/pgp-signature" (964 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.