Re: DSA for CVE-2016-5696 (off-path blind TCP session attack)

To: Richard van den Berg <richard@vdberg.org>
Cc: security@debian.org, debian-security@lists.debian.org
Subject: Re: DSA for CVE-2016-5696 (off-path blind TCP session attack)
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 12 Aug 2016 17:35:34 +0200
Message-id: <[🔎] 20160812153534.lzbw7phrat6pr2xe@eldamar.local>
Mail-followup-to: Richard van den Berg <richard@vdberg.org>, security@debian.org, debian-security@lists.debian.org
In-reply-to: <[🔎] ca61a0f6965507312e653f9bf3d4e208@webmail.vdberg.org>
References: <[🔎] ca61a0f6965507312e653f9bf3d4e208@webmail.vdberg.org>

Hi Richard,

On Thu, Aug 11, 2016 at 02:41:29PM +0200, Richard van den Berg wrote:
> Dear Debian security team,
> 
> Will there be a DSA written for CVE-2016-5696 [1]? It looks pretty serious
> and I'd like to fix this on my systems ASAP.

Yes there will be a Linux DSA including the fix for CVE-2016-5696.
There is no timeline though yet, and mitigation could be used as per
https://lwn.net/Articles/696868/ .

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: DSA for CVE-2016-5696 (off-path blind TCP session attack)
  - From: Jakub Wilk <jwilk@debian.org>

References:
- DSA for CVE-2016-5696 (off-path blind TCP session attack)
  - From: Richard van den Berg <richard@vdberg.org>

Prev by Date: Re: [SECURITY] [DSA 3646-1] postgresql-9.4 security update
Next by Date: Re: DSA for CVE-2016-5696 (off-path blind TCP session attack)
Previous by thread: DSA for CVE-2016-5696 (off-path blind TCP session attack)
Next by thread: Re: DSA for CVE-2016-5696 (off-path blind TCP session attack)
Index(es):
- Date
- Thread