oss-sec mailing list archives
Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient()
From: Zdenek Dohnal <zdohnal () redhat com>
Date: Mon, 26 Jun 2023 09:01:05 +0200
I'm sorry for the confusion :( - yes, the emails to oss-security were announcing the end of embargoes and that the fixes are already merged.
I've updated the guide I was following to prevent this in the future. Zdenek On 6/23/23 17:02, Solar Designer wrote:
On Thu, Jun 22, 2023 at 12:02:39PM +0200, Zdenek Dohnal wrote:there is currently the embargoed CVE-2023-34241 in CUPS project:Of course, this wasn't actually embargoed anymore at that time - Zdenek simply resent the exact same message he had sent to the distros list on June 13, when the issue was in fact still embargoed. Similarly, the previous CUPS vulnerability disclosure on June 1 was a copy of the distros message from May 23: https://www.openwall.com/lists/oss-security/2023/06/01/1 Let's be updating these when posting them publicly going forward to avoid confusion - like "was this published inadvertently when still under embargo?" (luckily, no). Alexander
-- Zdenek Dohnal Senior Software Engineer Red Hat, BRQ-TPBC
Current thread:
- CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal (Jun 22)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Solar Designer (Jun 23)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal (Jun 26)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Solar Designer (Jun 23)