|
|
|
|
|
|
by marshray
45 days ago
|
|
|
AFAICT it was a Linux kernel maintainer who first "told the entire world about the vulnerability" on 2026-03-31:
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryp... The CVE was officially announced on 2026-04-22:
https://lore.kernel.org/linux-cve-announce/2026042214-CVE-20... Theori were simply the last team to publicly disclose the vulnerability on 2026-04-29, 37 days after reporting it to the vendor. They were simply more effective at communicating it, and they told you that you were vulnerable. That's why you're mad at them instead of the people who put the bug there in the first place, didn't bring its severity to your attention, and silently sat on the patch. |
|
|