old flaws

Yet another example of security researchers finding security flaws only in old versions of FOSS: a security flaw in OpenSSH 4.7 in Debian, while we have 5.1 at least since Intrepid… Do they actually wait for the secured version to be released before they announce it, or do they actually only find the flaws afterwards? I mean, I could do the same thing reading the changelog, no?

~ by azimout on June 5, 2009.