On Tue, 03 May 2022 18:22:37 +0200 Julian Andres Klode <j...@debian.org> wrote: > So the way this usually goes is that distros also get notified, and > fixes are held back until a date (well hour really) coordinated by the > distros so everyone can release fixes at the same time, by way of > contacting the distros mailing list > (https://oss-security.openwall.org/wiki/mailing-lists/distros) or > individual email.
I see, thank you for explaining. This is my first CVE rodeo. > Given that you are just working on this in your spare time and had not > had to deal with a CVE, I think MS should have at least helped ensure that > this is being communicated properly. That makes sense. Let me know if there's anything I can do to help. -Clayton
signature.asc
Description: PGP signature