ky.le
@polyrhyth.ms
bird nerd, art fiend, internet enthusiast music blog: polyrhyth.ms photo portfolio: indiffe.rent rave music radio: radio.ravemix.es discord: seltzeraddict he/him | ?
476 followers, 294 following, 3.2k posts
polyrhyth.ms

Do we know if it was exploited in the wild at all before it was found?


DBretr0.id

if this was known, I imagine the patch would've been pushed out way faster

db-user.bsky.social

this is the main reply from a dev; it gives some context and hints that they are not seeing nor hearing about this being exploited in the wild. there doesn't appear to be a public exploit available either, but I'll admit I just did a cursory search

I set the date to

• allow us a few days for more deliberating on the vulnerability, to really think it through, write the advisory, understand it proper. Rinse and repeat.
• give "distro people" a few days to prepare patched updates
• allow a few days for the project (and me) to line up things to prepare for the new release
• we can spread the word about the pending release and the main reason for it in the meantime
• the release needs to work with my personal schedule and Wednesdays are our standard release days

Sure, there is a minuscule risk that someone can find this (again) before we ship the patch, but this issue has stayed undetected for years for a reason. I think taking a few days to make sure we do a solid release is worth this risk.