Re: [exim-dev] [Bug 2235] New: CVE-2018-6789

Author: Phil Pennock
Date:  
To: Vsevolod Stakhov
CC: hs, exim-dev, exim-maintainers
Subject: Re: [exim-dev] [Bug 2235] New: CVE-2018-6789

On 2018-02-09 at 15:32 +0000, Vsevolod Stakhov via Exim-dev wrote:
> It seems that FreeBSD is no longer considered in CVE early disclosure,
> isn't it?


There has been no change from Exim's side in how this was communicated.
We have an exim-maintainers mailing-list which has vetted people from
any interested OS project as members and that list received early
notification. I strongly suspect that the OpenWall distros mailing-list
received early notification (but am not on that list and haven't asked
Heiko; I only saw the public notifications on oss-security later).

Our process is documented at:
https://github.com/Exim/exim/wiki/SecurityReleaseProcess

So: we have a documented process, we have resources for OS folks to use,
nothing has changed here. If FreeBSD had missed the notification, then
that's unfortunate. I don't think I've done anything special in the
past to notify you beyond our documented process. If I did, then that's
on me for not documenting it for Heiko (or having any recollection of it
now).

What would you like us to have done differently?
-Phil