on your blog, you said: """ Wait... really? There's a toybox CVE for httpd? (Yeah I remember fixing that bug, but was it really worth a Charged Vacuum Emboitment?) """
given that the original bug on github explicitly had the "found by $FOO of $BAR" boilerplate that you tend to see from security researchers who file these things for a living, i assume they also filed the CVE so they can claim priority if anything ever does come of this bug. (this is one reason why consumers of CVEs have their own people to try to determine the relevance/severity _to them_.)

if you ever get a "real" CVE -- one that's "obviously" important -- they'll probably mail you directly rather than zero-day you via the github issue tracker :-)

_______________________________________________
Toybox mailing list
Toybox@lists.landley.net
http://lists.landley.net/listinfo.cgi/toybox-landley.net