by fweimer
208 days ago
Distribution maintainers who do the backports do not necessarily have access to this kind of information. My impression is that open sharing of in-the-wild exploits isn't something that happens regularly anymore (if it ever did), but I'm very much out of the loop these days. And access to the reproducer is merely a replacement for lack of public vulnerability-to-commit mapping for software that has a public version control repository.

At last count I'd written close to 2000 reproducers and approx 400 of those were local privesc for product security.
Security teams are usually highly discouraged from sharing exploits/reproducers as they have leaked in the past. My Spectre/Meltdown ended up on the web and someone else took credit, sad.