oss-sec mailing list archives
Re: Why send bugs embargoed to distros?
From: Kurt H Maier <khm () sciops net>
Date: Sat, 23 Sep 2017 09:20:50 -0700
On Sat, Sep 23, 2017 at 01:44:18PM +0200, Hanno Böck wrote:
If I can trust Red Hat's CVE tracker [3] there still are no fixed packages available. Also I haven't found any info about updated opensuse packages.
This is standard operating procedure for Red Hat, at least. Generally days or even weeks pass before patches are released. If you're an "Extended Update Support" customer you can expect months to go by. If you're super lucky you'll get a systemtap script to play with, but that generally requires a kernel RCE. khm
Current thread:
- Why send bugs embargoed to distros? Hanno Böck (Sep 23)
- Re: Why send bugs embargoed to distros? Levente Polyak (Sep 23)
- Re: Why send bugs embargoed to distros? Anthony Liguori (Sep 23)
- Re: Why send bugs embargoed to distros? Simon McVittie (Sep 23)
- Re: Why send bugs embargoed to distros? Marc Deslauriers (Sep 23)
- Re: Why send bugs embargoed to distros? Kurt H Maier (Sep 23)
- Re: Why send bugs embargoed to distros? Till Dörges (Sep 23)
- Re: Why send bugs embargoed to distros? Marcus Meissner (Sep 23)
- Re: Why send bugs embargoed to distros? Ludovic Courtès (Sep 24)
- Re: Why send bugs embargoed to distros? Igor Seletskiy (Sep 24)
- Re: Why send bugs embargoed to distros? John Haxby (Sep 25)
- Re: Why send bugs embargoed to distros? Cliff Perry (Sep 25)
- Re: Why send bugs embargoed to distros? Leo Famulari (Sep 25)
- Re: Why send bugs embargoed to distros? Levente Polyak (Sep 23)