Giorgos Keramidas wrote: > Przemyslaw should email security-officer with any details he thinks are > relevant. Then the security team will make sure to fix the bug for all > affected releases of FreeBSD, release a patch with the fix, issue an > advisory through the usual channels, and post the details online at our > security information web pages at <http://www.FreeBSD.org/security/>.
I see that I received a lot of criticism after disclosing 6.4 vulnerability. Please read some facts: I send few mails: on 29th Aug to security team, on 2nd Sep and 11th Sep directly to security officer. None of them were responded. I haven't filled any PRs, because it would disclose details of vulnerability to the public and allow blackhats to exploit it. I won't publish anything more than video, before official security advisory. The exploit is private to me and it won't be given to the "community". Michael Powell wrote: > Quoted from ~freebsd.security.general: > "The bug was fixed in 6.1-STABLE, just before release of 6.2-RELEASE, but > was not recognized as security vulnerability." This is another bug. The former one affected only 6.1, this one affects everything up to 6.4-STABLE. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
