Talos Security Advisory for Pidgin

Ethan Blanton elb at pidgin.im
Thu Apr 14 11:32:01 EDT 2016


Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) spake unto us the following wisdom:
> I’ve attached an encrypted zip file including the advisories and trigger
> input files.

Received.  I will distribute this to the rest of the Pidgin team today.

Please note that we are an all-volunteer organization, and as such our
timelines can be longer than we would sometimes wish.  We will perform
a coordinated release with a number of vendors who distribute Pidgin or
libpurple (including many Linux distributions and several clients
using the libpurple library, depending on the specific
vulnerabilities), and the Talos CVEs will be cited in the release
notes and published on our security page.  I see that your normal
timeline includes publication after 60 days; we will certainly patch
and release any critical bugs within that window, but less critical
bugs may or may not be delayed due to coordination or other concerns.
Please bear with us.

> For further information about our disclosure process and PGP key for
> the vulnerability team, please see
> http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html
> <http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html>

I feel like this should be an https link.  ;-)

Ethan



