Hi, I found very worrying statement in that document: "2015-01-27: FreeBSD informs us that after going through their mail archive they found out that the same issue was reported by Google and that they missed it." How many other such mails were missed? Pawel ---------- Forwarded message ---------- From: Ed Maste <emaste at freebsd.org> Date: 28 January 2015 at 01:03 Subject: svn commit: r277806 - head/sys/dev/vt On 27 January 2015 at 14:35, Xin LI <delphij at freebsd.org> wrote:> Author: delphij > Date: Tue Jan 27 19:35:41 2015 > New Revision: 277806 > URL: https://svnweb.freebsd.org/changeset/base/277806 >...> > More information can be found at CORE Security's advisory at: >http://www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilities That link gives me a 404; it looks like the page is now here: http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities -- One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die.
Pawel Biernacki <pawel.biernacki at gmail.com> wrote:> I found very worrying statement in that document: > > "2015-01-27: FreeBSD informs us that after going through their mail archive > they found out that the same issue was reported by Google and that they > missed it." > > How many other such mails were missed?I can't answer this question, but I reported a couple of ggated issues (DoS, non-critical memory disclosure) in December: 2014-12-09: Initial notification sent with potential patches. 2014-12-18: The mail was acknowledged and additional information requested. 2014-12-19: A more verbose description of the issue was sent as requested. 2015-01-15: I asked for a status update, preferably before FOSDEM. I haven't heard back yet and don't know when the issues will be addressed. Fabian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20150128/4b339990/attachment.sig>