PGP key for vulnerability reports

Ethan Blanton elb at pidgin.im
Fri Jan 10 11:55:36 EST 2014


Ethan Blanton spake unto us the following wisdom:
> Richard Johnson spake unto us the following wisdom:
> > Hello, it has been a month since our last correspondence. We would like to
> > move forward with the process of fixing these bugs and making our snort
> > signatures public. We also have not had any feedback on the other three
> > bugs. Please let us know if we can help and a plan of action.
> 
> We are formulating a response to these bugs individually.  Please bear
> with us.

OK.  After some consultation, it appears that we have patches in place
for all of these issues except the Windows browser problem, which I'm
not sure about -- I think your team and Daniel decided this was a
Windows problem, right?  (I don't Do Windows.)

Tomasz, could you extract the patches for these individual issues and
send them (preferably PGP-encrypted to the original reporting message
key used by Richard; if you're not set up for that, put them someplace
that I can get them on rock and I'll do it) to Richard for his review?

One of our developers intends to sit down with the pending fixes this
weekend and set a timeline for a 2.10.8 (probably; maybe 2.11.0)
embargo and coordinated release.  We will keep you in the loop on that
process.

Thank you again for your patience.

Ethan

