handling of the gnutls 2.2.4 security fixes
CERT-FI Vulnerability Co-ordination
vulncoord at ficora.fi
Tue May 20 09:15:57 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
> The 2.2.4 release was not handled properly. Vendor-sec received an
> email on the 14th of May stating that CERT-FI was going to send mail
> to us about an upcoming release of gnutls. That mail never arrived.
> Vendor-sec is *the* place to discuss non-public issues like this.
> Maybe this was the fault of the CERT, but the gnutls team should, in
> the future, make an attempt to contact us even if whatever CERT is
> dealing with the issue also promises to.
Mea culpa. It seems I made an error when sending the announcement
to the vendor-sec list. As I don't see the list myself, I did not
realise that it never arrived. I'll try to be more precise with
this in the future.
- -Juhani Eronen / CERT-FI Vulnerability Co-ordination
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnutls-devel