This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
CVE-2015-7547 Public Announcement ETA for NIST database Inclusion
- From: mark mark <mark74193 at gmail dot com>
- To: libc-alpha at sourceware dot org
- Date: Thu, 18 Feb 2016 14:13:58 +0800
- Subject: CVE-2015-7547 Public Announcement ETA for NIST database Inclusion
- Authentication-results: sourceware.org; auth=none
Hello,
Since the vulnerability was disclosed, my company has already began
patching affected servers. We've almost had that completed and the
only show stoppers are the linux-based network devices that are
vulnerable as per the vendor. We were told by our vendor that they
will not initiate the patch development until the vulnerability is in
the NIST database. When I checked the status this morning, the CVE
still says "Reserved" in MITRE hence it has not made it to the NIST
yet. My question is, given the significance of this issue in terms of
threat level, do you guys have any ETA on the formal announcement?
Thank you
- Mark A