This is the mail archive of the
mailing list for the glibc project.
Re: CVE-2015-7547 Public Announcement ETA for NIST database Inclusion
- From: Florian Weimer <fweimer at redhat dot com>
- To: mark mark <mark74193 at gmail dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 18 Feb 2016 07:22:57 +0100
- Subject: Re: CVE-2015-7547 Public Announcement ETA for NIST database Inclusion
- Authentication-results: sourceware.org; auth=none
- References: <CAOn3ZYdkP3onWffdEObk9KKTzJ0vKtOKUVUExjG6yYk3LNEZpQ at mail dot gmail dot com>
On 02/18/2016 07:13 AM, mark mark wrote:
> Since the vulnerability was disclosed, my company has already began
> patching affected servers. We've almost had that completed and the
> only show stoppers are the linux-based network devices that are
> vulnerable as per the vendor. We were told by our vendor that they
> will not initiate the patch development until the vulnerability is in
> the NIST database.
if you can share the vendor (off-list), I'm happy to explain to them why
this approach does not work.
In fact, it is so far out of the ordinary that I'm wondering if you have
relayed their position correctly.