PGP key for vulnerability reports

Ethan Blanton elb at pidgin.im
Thu Jan 9 09:49:14 EST 2014


Richard Johnson spake unto us the following wisdom:
> Hello, it has been a month since our last correspondence. We would like to
> move forward with the process of fixing these bugs and making our snort
> signatures public. We also have not had any feedback on the other three
> bugs. Please let us know if we can help and a plan of action.

We are formulating a response to these bugs individually.  Please bear
with us.

We are long, long overdue for a 2.x.y release, which would include
fixes for these issues.  There are a number of fixes pending such a
release.  Let me start a discussion on a 2.x.y release, and see if we
can pin down a time frame.  I respect the fact that you have been very
patient with us on this matter, and that you want to disclose and
release your signatures.  We'll try to get in gear to hold up our end
of the bargain.

Look for more from us in the next day or two.

Ethan


More information about the security mailing list