| ▲ | john_strinlai 3 hours ago |
| it was published publicly by an unrelated third party |
|
| ▲ | jacobgkau 2 hours ago |
| They're asking about the nature of the third party's discovery/publishing. Someone on the inside who decided to leak it anonymously? Someone else who was able to access some private communication they shouldn't have been able to see? Or a third party who happened to discover the same vulnerability (which seems less unlikely than normal since this is so similar to Copy Fail), but didn't follow disclosure procedures? |
|
| ▲ | staticassertion 2 hours ago |
| The commit for the fix was public. Someone noticed. An exploit was published. |
|
| ▲ | ahartmetz 2 hours ago |
| I think I read on the bug's website that "No fix has been released". I understood that as there is no public fix, but maybe it only means it's not in a tagged version of the kernel and no hotfixed distro kernels have been released? |
|
| ▲ | danudey an hour ago |
| The patch was posted to the kernel mailing list; someone saw the e-mail, read the patch, figured it out, and published an exploit very soon after. |
|
| ▲ | lofaszvanitt 2 hours ago |
| Following disclosure procedures? The main cause that kills the need to take security seriously. |
|