Does anyone know if there is official/unofficial vendor/manufacturer list yet to all their official Vulnerability webpage info? I thought I saw some when Heartbleed broke out. -- Later, Joe On Wed, Sep 24, 2014 at 9:41 PM, Hugo Slabbert <hugo@slabnet.com> wrote:
when do you think the embargo is over?
ref: http://seclists.org/oss-sec/2014/q3/650
"At present, public disclosure is scheduled for Wednesday, 2014-09-24 14:00 UTC. We do not expect the schedule to change, but we may be forced to revise it."
Date: Wed, 24 Sep 2014 15:07:26 -0400
From: Jared Mauch <jared@puck.nether.net> To: Randy Bush <randy@psg.com> Cc: North American Network Operators' Group <nanog@nanog.org> Subject: Re: update X-Mailer: Apple Mail (2.1985.4)
Can I presume you’re talking about the bash CVE-2014-6271?
Date: Wed, 24 Sep 2014 13:09:19 -0600
From: Spencer Gaw <spencerg@frii.net> To: Randy Bush <randy@psg.com>, North American Network Operators' Group < nanog@nanog.org> Subject: Re: update User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
Both are > 2014-09-24 14:00 UTC by my count. Unless the embargo got extended?
On Thu 2014-Sep-25 13:05:45 +0900, Randy Bush <randy@psg.com> wrote:
Keeping silent after the embargo is over isn't doing anyone any
favors.
when do you think the embargo is over?
yes, it got blabbed. but that does not mean one should be a blabber.
randy
-- Hugo