Re: [exim-dev] [Bug 2235] New: CVE-2018-6789

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: Vsevolod Stakhov, exim-dev, exim-maintainers
Subject: Re: [exim-dev] [Bug 2235] New: CVE-2018-6789
Phil Pennock <pdp@???> (Di 13 Feb 2018 00:08:50 CET):
> On 2018-02-09 at 15:32 +0000, Vsevolod Stakhov via Exim-dev wrote:
> > It seems that FreeBSD is no longer considered in CVE early disclosure,
> > isn't it?
>
> There has been no change from Exim's side in how this was communicated.
> We have an exim-maintainers mailing-list which has vetted people from
> any interested OS project as members and that list received early


The early notification was sent to oss-security@,

> notification. I strongly suspect that the OpenWall distros mailing-list
> received early notification (but am not on that list and haven't asked
> Heiko; I only saw the public notifications on oss-security later).


The notification on oss-security he got, I think. But not my poll about
cutting the embargo, that was sent to linux-distros only. I'm sorry for
that.

It was my fault. I accidently didn't post to distros@???… but to
linux-distros@???… (Autocompletion in the mailclient :(

I didn't resent it to distros then, because I decided to cut the embargo
and to sent a public notification about it to oss-security.

Via personal mail we had some communication and Vsevolod got access to
the security repo (he alread had access, but missed the notificion on
oss-security somehow). Kurt Jäger contacted me after the first
notification to oss-security was sent, and I told him, that we have Vsevolod in
the list of keys for the security repo. That was fine for him.

--
Heiko