Comment by whyleyc
12 years ago
This doesn't sound like "responsible disclosure" to me - how can Codenomicon dump this news when all the major Linux vendors don't have patches ready to go?
Because it was already disclosed the instant the OpenSSL release went out and the fix was public.
Well, someone was able to give Cloudflare a heads up last week [1].
It would have been nice if the package maintainers could have had time to build ready-to-roll solutions with Heartbeat compiled out prior to the official OpenSSL fix.
[1] http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerab...