From: Pawel Biernacki
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org
Date: Wed, 9 Apr 2014 19:15:46 +0100
Subject: Re: Proposal
In-Reply-To: <86txa2z8xl.fsf@nine.des.no>
References: <86txa2z8xl.fsf@nine.des.no>

On 9 April 2014 18:53, Dag-Erling Smørgrav wrote:
> Pawel Biernacki writes:
>> RedHat managed to provide the fix within 21 hours but apparently they
>> knew very early about the issue. FreeBSD Security Team didn't? Why?
>> You can _see_ the whole process on their bugzilla
>> https://bugzilla.redhat.com/show_bug.cgi?id=1084875.
>
> No you can't. That ticket is just window dressing. By the time it was
> created, RedHat had known about the issue for at least a week, and
> probably more.
>

According to http://seclists.org/oss-sec/2014/q2/36 RedHat learnt about
it on 7th March and after that the bugzilla entry was created. I assume
that it was marked as private and inaccessible to other users for a few
hours until the release of the SA, but at least we have some trace of
what was done.

-- 
One of God's own prototypes. A high-powered mutant of some kind never
even considered for mass production. Too weird to live, and too rare
to die.