Hello all,
I am currently analyzing the delay between vulnerability disclosure (CVE
release) and the release of a corresponding patch.
Firstly, i noticed that some vulnerabilities are patched before the CVE
was assigned. How is that possible? Was the vulnerability "accitendally"
fixed? (Example: According to NVD CVE-2013-1943 was fixed on 2011-05-22)
Second, does someone know why some vulnerabilities get a fix on CVE
release day while some only recieve a fix after weeks or even month?
(Maximum delay I observed is 183 days)
Regards,
Stefan
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
