oss-sec mailing list archives
Security release pre-announcement messages
From: Douglas Bagnall <douglas.bagnall () catalyst net nz>
Date: Wed, 24 Jul 2019 09:55:13 +1200
On 22/07/19 11:50 PM, Solar Designer wrote:
Exactly. It's just an unusual disclosure process that involves giving the users a heads-up a few days before public disclosure of the actual vulnerabilities and fixes. So far, this process is practiced by OpenSSL and Exim (any others?)
On the Samba team we use wording like this: https://lists.samba.org/archive/samba/2019-June/223621.html ---------------------------- Subject: Heads-up: Security Releases ahead! Hi, This is a heads-up that there will be Samba security updates on Wednesday, June 19 2019. Please make sure that your Samba servers will be updated soon after the release! Impacted components: - AD DC (CVSS 6.5, Medium) ----------------------------- We now do this systematically, after a haphazard start. To help ourselves stay on track, we are trying to formalise our process into something approaching a checklist: https://wiki.samba.org/index.php/Samba_Security_Process and we are happy to hear suggestions for improvement. cheers, Douglas
Current thread:
- CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Stuart Henderson (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Solar Designer (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Amos Jeffries (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Ian Zimmerman (Jul 22)
- Security release pre-announcement messages Douglas Bagnall (Jul 24)
- Re: Security release pre-announcement messages Stiepan (Jul 26)
- Re: Security release pre-announcement messages Greg KH (Jul 26)
- Re: Security release pre-announcement messages Greg KH (Jul 26)
- Re: Security release pre-announcement messages Stiepan (Jul 26)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Stuart Henderson (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann (Jul 22)