Subject: Re: Proper procedure for reporting possible security vulnerabilities?
From: Alan Cox
To: Steve Bergman
Cc: Linux Kernel Mailing List
In-Reply-To: <41E2F6B3.9060008@rueb.com>
References: <41E2B181.3060009@rueb.com> <87d5wdhsxo.fsf@deneb.enyo.de> <41E2F6B3.9060008@rueb.com>
Message-Id: <1105457773.15793.28.camel@localhost.localdomain>
Date: Tue, 11 Jan 2005 16:10:57 +0000

On Llu, 2005-01-10 at 21:42, Steve Bergman wrote:
> handled. They claim that they sent email to Linus and Andrew and did not
> receive a response for 3 weeks, and that is why they released exploit
> code into the wild.
>
> Anyone here have any comments on what I should tell him?

They could have reported them to:
	vendor-sec
	cert
	dfn-cert
	any other cert like object
	security@almost any linux vendor

but didn't. Nor it appears did they chase up their report.