To reiterate the boilerplate in the bug description, please avoid (even private) disclosure of the vulnerability and associated patches to other individuals not already approved for access to this information. Deploying the patches in production in a large service provider runs the risk that others within the same organization have access to the details of this fix in advance of the downstream pre-notification.
To reiterate the boilerplate in the bug description, please avoid (even private) disclosure of the vulnerability and associated patches to other individuals not already approved for access to this information. Deploying the patches in production in a large service provider runs the risk that others within the same organization have access to the details of this fix in advance of the downstream pre-notification.