On 01/06/2016 07:17 AM, Stefan Kanthak wrote: > Second and last chance! > See <http://home.arcor.de/skanthak/policy.html>
Your policy page mentions a 45-day window, but: > > ----- Original Message ----- > From: "Stefan Kanthak" <stefan.kant...@nexgo.de> > To: <secur...@cygwin.org> > Cc: <secur...@redhat.com> > Sent: Monday, December 28, 2015 4:23 AM If this was your original off-list post, you just violated your own policy, since you included cygwin AT cygwin.com which is a public list on the ping, and thereby made the issue public, without waiting 45 days. >> 1. visit <http://home.arcor.de/skanthak/sentinel.html>, download >> <http://home.arcor.de/skanthak/download/SENTINEL.DLL> and save >> it as UXTheme.dll in your "Downloads" directory; >> >> 2. on Windows XP, copy the downloaded UXTheme.dll as ClbCatQ.dll; You do realize that Windows XP is unsupported by Microsoft; if your exploit requires an unsupported OS, does it really deserve a fix? >> >> I'll publish in 45 days. >> See <http://home.arcor.de/skanthak/policy.html> and return the >> CVE identifier assigned for this vulnerability to me! -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
