Posting the hash to twitter as a proof that "something" exists reveals no actual information, so it's not considered making the exploit "public" in any meaningful way.
From the blog's timeline, it's been visible in code diffs since ~April, but only called out as a CVE since 10 days ago, so I'd consider this one hot off the presses.
Posting the hash to twitter as a proof that "something" exists reveals no actual information, so it's not considered making the exploit "public" in any meaningful way.
From the blog's timeline, it's been visible in code diffs since ~April, but only called out as a CVE since 10 days ago, so I'd consider this one hot off the presses.