Dailydave: Re: DSU

[Florian Weimer <fw () deneb enyo de>]

> nice try but then how do you explain the following:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2448
> in particular note the date of the CVE entry vs. that of the commit
> and the obvious discrepancy between the two descriptions.
There is no discrepancy.  The commit message does not address the
security aspect at all.

> something known to be as a security bug in May (hence the request
> for the CVE entry) was committed with a rather non-descript message
> next month.
The CVE name likely likely comes from a CNA pool.  In this case, the
assignment date has *nothing* to do with the discovery date.

> i for one would really like to see what went on on vendor-sec or the
> kernel security list regarding this bug.
Hey, a local DoS on a fringe architecture is not worth a conspiracy.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave