This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: CVE-2015-7547 Public Announcement ETA for NIST database Inclusion

From: Florian Weimer <fweimer at redhat dot com>
To: mark mark <mark74193 at gmail dot com>
Cc: libc-alpha at sourceware dot org
Date: Thu, 18 Feb 2016 07:22:57 +0100
Subject: Re: CVE-2015-7547 Public Announcement ETA for NIST database Inclusion
Authentication-results: sourceware.org; auth=none
References: <CAOn3ZYdkP3onWffdEObk9KKTzJ0vKtOKUVUExjG6yYk3LNEZpQ at mail dot gmail dot com>

On 02/18/2016 07:13 AM, mark mark wrote:
> Hello,
> 
> Since the vulnerability was disclosed, my company has already began
> patching affected servers. We've almost had that completed and the
> only show stoppers are the linux-based network devices that are
> vulnerable as per the vendor. We were told by our vendor that they
> will not initiate the patch development until the vulnerability is in
> the NIST database.

Hi Mark,

if you can share the vendor (off-list), I'm happy to explain to them why
this approach does not work.

In fact, it is so far out of the ordinary that I'm wondering if you have
relayed their position correctly.

Thanks,
Florian

References:
- CVE-2015-7547 Public Announcement ETA for NIST database Inclusion
  - From: mark mark

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]