CVE-2019-5599 SACK Slowness (FreeBSD 12 using the RACK TCP Stack)

Gordon Tetlow gordon at tetlows.org
Wed Jul 3 17:18:18 UTC 2019


Sorry for the late response, only so many hours in the day.

On Tue, Jun 18, 2019 at 08:06:55PM -0400, Shawn Webb wrote:
> It appears that Netflix's advisory (as of this writing) does not
> include a timeline of events. Would FreeBSD be able to provide its
> event timeline with regards to CVE-2019-5599?

I don't generally document a timeline of events from our side. This
particular disclosure was a bit unusual as it wasn't external but
instead was an internal FreeBSD developer the security team often works
with. As such, our process was a bit out of sync with normal (as much as
we have a normal with our current processes). All of that said, we got
notice in early June, about 10 days before public disclosure.

> Were any FreeBSD derivatives given advanced notice? If so, which ones?

They were not. I would like to get to a point where we feel we could
give some sort of heads up for downstream, but we aren't there yet.

Best,
Gordon