Talos Security Advisory for Pidgin

Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) regiwils at cisco.com
Mon Jun 6 15:28:33 EDT 2016


HI Ethan,

Thanks for the prompt response.  We are ok with a few days extension. Will 1 additional week from the 60 day mark help?

Regina Wilson
Project Coordinator, Open Source and Threat Intelligence
regiwils at cisco.com




> On Jun 6, 2016, at 3:09 PM, Ethan Blanton <elb at pidgin.im> wrote:
> 
> Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) spake unto us the following wisdom:
>> As we are approaching the 60 day mark next week (Jun 14th), I wanted
>> to follow up with you on any new developments.  Do you have a
>> date/timeline for the disclosure release?
> 
> We have actually been working on this fast and furious this past
> weekend and today.  We have patches for all of the vulnerabilities and
> they are in review at the moment.  We have one other vulnerability to
> coordinate as well, which requires some more work.  We are hoping to
> get patches out to packagers in the next day or two; we would like to
> give them at least one week to coordinate their package releases.
> 
> We're shooting to meet the 60-day window, but if it's possible to slip
> a few days if packagers ask for more time, we would appreciate it --
> we had hoped to give them more heads up than this.
> 
> Ethan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160606/0c24ce74/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: talos_sig[4].png
Type: image/png
Size: 8573 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160606/0c24ce74/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160606/0c24ce74/attachment-0001.sig>


More information about the security mailing list