This fix was therefore not backported to long-term distributions such as CentOS:
Your daily reminder that long term support with backports never manges to backport all the fixes.
but it was not recognized as a security threat.
Your daily reminder that Linus would prefer to hide security-related bugs with innocuous commit messages.
Yeah, also true, some orgs struggle more than others, but I think it’s true in general, even for the best of us. Mitigations get better, hardening gets harder, part one of a two part vuln gets fixed, etc.
Your daily reminder that long term support with backports never manges to backport all the fixes.
Your daily reminder that Linus would prefer to hide security-related bugs with innocuous commit messages.
Yeah, also true, some orgs struggle more than others, but I think it’s true in general, even for the best of us. Mitigations get better, hardening gets harder, part one of a two part vuln gets fixed, etc.