oss-sec mailing list archives
Re: CVE-2022-21449 and version reporting
From: Jeremy Stanley <fungi () yuggoth org>
Date: Sat, 30 Apr 2022 19:43:32 +0000
On 2022-04-28 22:40:23 +0200 (+0200), Sven Schwedas wrote: [...]
You and Jeremy arguing in bad faith here, OP didn't ask about anything like that.
[...] "Bad faith" doesn't mean what you seem to think it means, unless you really believe I'm shilling for Oracle in order to mislead or defraud you in some way. I'll tell you straight up, though, I personally have no connection to Oracle nor have they ever funded my work in any way. If you've got concerns with how Oracle handles their vulnerability reporting, I would take that as an indication to stop using their software. That's what I do when I don't trust someone. Expecting MITRE to set some requirements for how everyone is allowed to report vulnerabilities for unsupported versions of software is not something I can get behind, though. -- Jeremy Stanley
Attachment:
signature.asc
Description:
Current thread:
- Re: CVE-2022-21449 and version reporting, (continued)
- Re: CVE-2022-21449 and version reporting Seth Arnold (Apr 28)
- Re: CVE-2022-21449 and version reporting Sven Schwedas (Apr 28)
- Re: CVE-2022-21449 and version reporting Seaman, Chad (Apr 28)
- Re: CVE-2022-21449 and version reporting Christian Fischer (Apr 30)
- Re: CVE-2022-21449 and version reporting John Helmert III (Apr 30)
- Re: CVE-2022-21449 and version reporting David A. Wheeler (Apr 30)
- Re: CVE-2022-21449 and version reporting Christian Fischer (Apr 30)
- Re: CVE-2022-21449 and version reporting John Helmert III (May 01)
- Re: CVE-2022-21449 and version reporting Christian Fischer (May 02)
- Re: CVE-2022-21449 and version reporting Sven Schwedas (Apr 28)
- Re: CVE-2022-21449 and version reporting Seth Arnold (Apr 28)
- Re: CVE-2022-21449 and version reporting Iron-Bound (Apr 29)
- Re: CVE-2022-21449 and version reporting Jeremy Stanley (Apr 30)