Your article has a major error (well several but this is one of the
"The first indication that other distributions had was likely from Red
Hat's Eugene Teo's request for a CVE on the oss-security mailing list."
Sigh. No. This issue was discussed on the vendor sec list (a list
specifically created for Linux distribution security people so they can
notify each other of embargoed issues and co-ordinate things, share
fixes, workarounds, etc.) and all the main Linux distributions (well
anyone that cares enough about security to have a security person sign
up for the vendor-sec list) knew about this issue in advance of the
public CVE request to OSS-sec.
For more information on the closed list please see:
if you go through the archives (look for subject line "Closed list" or
"Re: Closed list" and you'll find pretty much every major Linux vendor
is on there.
Kurt Seifried / Red Hat Security Response team
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds