oss-sec mailing list archives
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser
From: Stephan Wiesand <stephan.wiesand () gmail com>
Date: Fri, 24 Jul 2015 19:37:41 +0200
On Jul 23, 2015, at 20:43 , Leif Nixon wrote:
Qualys Security Advisory <qsa () qualys com> writes:Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and our exploit attached.*Why* are you releasing a full exploit just minutes after the patch is released? (Disclosure: I am employed by Red Hat, but this is my purely personal question.)
Wild guess: Their customers had plenty of time to understand the issue and its impact, and to roll out either a fix or some mitigation. And thus an edge. Looks like "just business...".
Current thread:
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser, (continued)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Michal Zalewski (Jul 25)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Dave Horsfall (Jul 25)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Brad Knowles (Jul 25)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Hanno Böck (Jul 26)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser mancha (Jul 24)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Brandon Perry (Jul 24)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser mancha (Jul 27)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Ankeet Presswala (Jul 27)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser z80 (Jul 29)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Solar Designer (Jul 29)