Re: [Full-disclosure] Linux Kernel CIFS Vulnerability

The correct wording is "no advisory was released yet".

An exception to the rule? The question is why? If fefe wouldn't
have pointed it out there would have been no advisory,
like the 100 other silently fixed security bugs that even
those that backport don't catch.

There is a clear statement from the Kernelhacker groups on this
situation, and it is *not* positive, so why make it look like
those that complain just do it at the wrong point in time.

again see :
http://lwn.net/Articles/285438/
http://lwn.net/Articles/286263/
http://lwn.net/Articles/287339/
http://lwn.net/Articles/288473/

and hundrets of others.

--
http://blog.zoller.lu
Thierry Zoller

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
  - From: Marcus Meissner

References:
- [Full-disclosure] Linux Kernel CIFS Vulnerability
  - From: Andreas Bogk
- Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
  - From: Marcus Meissner

Relevant Pages

Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
... If fefe wouldn't ... have pointed it out there would have been no advisory, ... like the 100 other silently fixed security bugs that even ... There is a clear statement from the Kernelhacker groups on this ...
(Full-Disclosure)
Re: Proposal for new $h->{ReadOnly} attribute
... Otherwise the attribute is simply advisory. ... writing. ... otherwise throw an exception". ... My cats know that I am a loser who goes out for hunting every day ...
(perl.dbi.users)