On Wed, May 14, 2008 at 05:27:43PM +0100, Steve Kemp wrote:
> On Wed May 14, 2008 at 17:19:25 +0100, Hugo Mills wrote:
> > The problem was known about in January -- that's when the CVE number
> > was allocated. It wasn't discovered and fixed in the space of a day.
> Not entirely true (speaking as Debian security team member).
[..]
> So, in conclusion, the date/size of a CVE assignment cannot be used
> to judge the age of a security issue.
Out of interest, when was this known about then?
--
Simon Huggins \ "Life... Don't talk to me about life..." - Marvin
\
http://www.earth.li/~huggie/ htag.pl 0.0.22
