Re: handling of the gnutls 2.2.4 security fixes

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: handling of the gnutls 2.2.4 security fixes

From:	Simon Josefsson
Subject:	Re: handling of the gnutls 2.2.4 security fixes
Date:	Tue, 20 May 2008 11:44:32 +0200
User-agent:	Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux)

CERT-FI Vulnerability Co-ordination <address@hidden> writes:

>  > The 2.2.4 release was not handled properly. Vendor-sec received an
>  > email on the 14th of May stating that CERT-FI was going to send mail
>  > to us about an upcoming release of gnutls. That mail never arrived.
>  > Vendor-sec is *the* place to discuss non-public issues like this.
>  > Maybe this was the fault of the CERT, but the gnutls team should, in
>  > the future, make an attempt to contact us even if whatever CERT is
>  > dealing with the issue also promises to.
>
> Mea culpa. It seems I made an error when sending the announcement
> to the vendor-sec list. As I don't see the list myself, I did not
> realise that it never arrived. I'll try to be more precise with
> this in the future.

To update the public record regarding this (my replies to vendor-sec has
been private since the original email was intended to be private), you
did send it to the right address but vendor-sec's spam filter caught it.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

handling of the gnutls 2.2.4 security fixes, Jonathan Smith, 2008/05/20
- Re: [vendor-sec] handling of the gnutls 2.2.4 security fixes, Alan Cox, 2008/05/20
- Re: handling of the gnutls 2.2.4 security fixes, CERT-FI Vulnerability Co-ordination, 2008/05/20
  - Re: handling of the gnutls 2.2.4 security fixes, Simon Josefsson <=

Prev by Date: Re: handling of the gnutls 2.2.4 security fixes
Next by Date: GnuTLS 2.3.11
Previous by thread: Re: handling of the gnutls 2.2.4 security fixes
Next by thread: GnuTLS 2.3.11
Index(es):
- Date
- Thread