On Wed May 14, 2008 at 17:38:21 +0100, Simon Huggins wrote:
> > So, in conclusion, the date/size of a CVE assignment cannot be used
> > to judge the age of a security issue.
>
> Out of interest, when was this known about then?

The first report that I saw was Fri, 09 May 2008 23:33:53 +0200.
Had the issue not been leaked to Debian unstable as it was, we'd
probably have had a longer embargo, and more complete instructions
at the time the DSA was prepared.

Steve
--
Managed Anti-Spam Service
http://mail-scanning.com/