Re: Erroneous post concerning Backtrack 5 R2 0day
- From: Jamie Riden <jamie.riden@xxxxxxxxx>
- Date: Fri, 13 Apr 2012 17:05:31 +0100
On 12 April 2012 21:51, Adam Behnke <adam@xxxxxxxxxxxxxxxxxxxx> wrote:
> Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2:
> http://seclists.org/fulldisclosure/2012/Apr/123
> The posting was incorrect, the vulnerability was NOT in Backtrack but in
> wicd, no Backtrack contributed code is vulnerable. When we tweeted and
> emailed to mailing lists the notifications of this vulnerability, we
> incorrectly shortened the title and called it "Backtrack 5 R2 priv
> escalation 0day", which is misleading and could lead people to believe the
> bug was actually in Backtrack. The bug has always resided in wicd and not in
> any Backtrack team written code. We apologize for the confusion to the
> Backtrack team and any other persons affected by this error. We feel the
> Backtrack distro is a great piece of software and wish muts and the rest of
> the team the best.

I think some of this kerfuffle could have been avoided if the
backtrack (or wicd) team had been contacted for a response prior to
releasing the bug, as you would expect during a responsible disclosure
process (e.g. see RFPolicy, or just common sense). It would have then
been fairly obvious about who owned the bug, as it were.
It's not an uninteresting issue, but let's follow process a bit better
next time please? Better for everyone involved.
cheers,
Jamie
--
Jamie Riden / jamie@xxxxxxxxxxxx / jamie.riden@xxxxxxxxx
http://uk.linkedin.com/in/jamieriden