Talos Security Advisory for Pidgin

Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) regiwils at cisco.com
Mon Jun 20 15:20:24 EDT 2016


Hello Gary,

I am following up to confirm disclosure release for tomorrow 6/21/16 for the vulnerabilities identified as the following:

TALOS-CAN-0118  CVE 2016-2376
TALOS-CAN-0119  CVE 2016-2377
TALOS-CAN-0120  CVE 2016-2378
TALOS-CAN-0122  CVE 2016-2379
TALOS-CAN-0123  CVE 2016-2380
TALOS-CAN-0128  CVE 2016-4323
TALOS-CAN-0133  CVE 2016-2365
TALOS-CAN-0134  CVE 2016-2366
TALOS-CAN-0135  CVE 2016-2367
TALOS-CAN-0136  CVE 2016-2368
TALOS-CAN-0137  CVE 2016-2369
TALOS-CAN-0138  CVE 2016-2370
TALOS-CAN-0139  CVE 2016-2371
TALOS-CAN-0140  CVE 2016-2372
TALOS-CAN-0141  CVE 2016-2373
TALOS-CAN-0142  CVE 2016-2374
TALOS-CAN-0143  CVE 2016-2375

Please confirm at your earliest convenience.

Kind Regards,

Regina Wilson
Project Coordinator, Open Source and Threat Intelligence
regiwils at cisco.com




> On Jun 9, 2016, at 5:22 PM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
> 
> Hello Gary,
> 
> Disclosure release of 6/21/16 works.  Thanks for the update.
> 
> Kind Regards,
> 
> Regina Wilson
> Project Coordinator, Open Source and Threat Intelligence
> regiwils at cisco.com <mailto:regiwils at cisco.com>
> 
> 
> <talos_sig[4].png>
> 
>> On Jun 8, 2016, at 11:51 PM, Gary Kramlich <grim at reaperworld.com <mailto:grim at reaperworld.com>> wrote:
>> 
>> On 06/06/2016 02:59 PM, Ethan Blanton wrote:
>>> Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) spake unto us the following wisdom:
>>>> Thanks for the prompt response.  We are ok with a few days extension.
>>>> Will 1 additional week from the 60 day mark help?
>>> 
>>> If you would like to preemptively push back one week, that sounds good
>>> to us.  We will then present June 21 as a hard deadline to the
>>> packagers, giving them two weeks total, which seems fair.
>> 
>> Regina, is June 21 acceptable?  If so I would like propose setting the
>> time for the embargo to be 00:00 UTC on 20160621.  Please let me know if
>> this is acceptable as I need to pass it on to the distributions.
>> 
>>> Ethan
>> 
>> Thanks,
>> 
>> --
>> Gary Kramlich
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160620/3a1f1d2b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: talos_sig[4].png
Type: image/png
Size: 8573 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160620/3a1f1d2b/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160620/3a1f1d2b/attachment.sig>


More information about the security mailing list