Talos Security Advisory for Pidgin

Gary Kramlich grim at reaperworld.com
Mon Jun 20 15:23:53 EDT 2016 

Hi Regina,

On Mon, Jun 20, 2016 at 2:20 PM, Regina Wilson -T (regiwils - ETTAIN
GROUP INC at Cisco) <regiwils at cisco.com> wrote:
>
> Hello Gary,
>
> I am following up to confirm disclosure release for tomorrow 6/21/16 for the vulnerabilities identified as the following:
>
> TALOS-CAN-0118  CVE 2016-2376
> TALOS-CAN-0119  CVE 2016-2377
> TALOS-CAN-0120  CVE 2016-2378
> TALOS-CAN-0122  CVE 2016-2379
> TALOS-CAN-0123  CVE 2016-2380
> TALOS-CAN-0128  CVE 2016-4323
> TALOS-CAN-0133  CVE 2016-2365
> TALOS-CAN-0134  CVE 2016-2366
> TALOS-CAN-0135  CVE 2016-2367
> TALOS-CAN-0136  CVE 2016-2368
> TALOS-CAN-0137  CVE 2016-2369
> TALOS-CAN-0138  CVE 2016-2370
> TALOS-CAN-0139  CVE 2016-2371
> TALOS-CAN-0140  CVE 2016-2372
> TALOS-CAN-0141  CVE 2016-2373
> TALOS-CAN-0142  CVE 2016-2374
> TALOS-CAN-0143  CVE 2016-2375


Yep, I will be releasing version 2.11.0 tonight at 00:00 UTC.

> Please confirm at your earliest convenience.
>
> Kind Regards,
>
> Regina Wilson
> Project Coordinator, Open Source and Threat Intelligence
> regiwils at cisco.com
>
>
>
> On Jun 9, 2016, at 5:22 PM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
>
> Hello Gary,
>
> Disclosure release of 6/21/16 works.  Thanks for the update.
>
> Kind Regards,
>
> Regina Wilson
> Project Coordinator, Open Source and Threat Intelligence
> regiwils at cisco.com
>
>
> <talos_sig[4].png>
>
> On Jun 8, 2016, at 11:51 PM, Gary Kramlich <grim at reaperworld.com> wrote:
>
> On 06/06/2016 02:59 PM, Ethan Blanton wrote:
>
> Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) spake unto us the following wisdom:
>
> Thanks for the prompt response.  We are ok with a few days extension.
> Will 1 additional week from the 60 day mark help?
>
>
> If you would like to preemptively push back one week, that sounds good
> to us.  We will then present June 21 as a hard deadline to the
> packagers, giving them two weeks total, which seems fair.
>
>
> Regina, is June 21 acceptable?  If so I would like propose setting the
> time for the embargo to be 00:00 UTC on 20160621.  Please let me know if
> this is acceptable as I need to pass it on to the distributions.
>
> Ethan
>
>
> Thanks,
>
> --
> Gary Kramlich
>
>
>

Thanks,

--
Gary Kramlich <grim at reaperworld.com>

More information about the security mailing list