Talos Security Advisory for Pidgin

Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) regiwils at cisco.com
Mon Jun 20 15:31:36 EDT 2016 

Sounds good, Gary.  Thanks for the quick response.

Kind Regards,

Regina Wilson
Project Coordinator, Open Source and Threat Intelligence
regiwils at cisco.com




> On Jun 20, 2016, at 3:23 PM, Gary Kramlich <grim at reaperworld.com> wrote:
> 
> Hi Regina,
> 
> On Mon, Jun 20, 2016 at 2:20 PM, Regina Wilson -T (regiwils - ETTAIN
> GROUP INC at Cisco) <regiwils at cisco.com <mailto:regiwils at cisco.com>> wrote:
>> 
>> Hello Gary,
>> 
>> I am following up to confirm disclosure release for tomorrow 6/21/16 for the vulnerabilities identified as the following:
>> 
>> TALOS-CAN-0118  CVE 2016-2376
>> TALOS-CAN-0119  CVE 2016-2377
>> TALOS-CAN-0120  CVE 2016-2378
>> TALOS-CAN-0122  CVE 2016-2379
>> TALOS-CAN-0123  CVE 2016-2380
>> TALOS-CAN-0128  CVE 2016-4323
>> TALOS-CAN-0133  CVE 2016-2365
>> TALOS-CAN-0134  CVE 2016-2366
>> TALOS-CAN-0135  CVE 2016-2367
>> TALOS-CAN-0136  CVE 2016-2368
>> TALOS-CAN-0137  CVE 2016-2369
>> TALOS-CAN-0138  CVE 2016-2370
>> TALOS-CAN-0139  CVE 2016-2371
>> TALOS-CAN-0140  CVE 2016-2372
>> TALOS-CAN-0141  CVE 2016-2373
>> TALOS-CAN-0142  CVE 2016-2374
>> TALOS-CAN-0143  CVE 2016-2375
> 
> 
> Yep, I will be releasing version 2.11.0 tonight at 00:00 UTC.
> 
>> Please confirm at your earliest convenience.
>> 
>> Kind Regards,
>> 
>> Regina Wilson
>> Project Coordinator, Open Source and Threat Intelligence
>> regiwils at cisco.com <mailto:regiwils at cisco.com>
>> 
>> 
>> 
>> On Jun 9, 2016, at 5:22 PM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com <mailto:regiwils at cisco.com>> wrote:
>> 
>> Hello Gary,
>> 
>> Disclosure release of 6/21/16 works.  Thanks for the update.
>> 
>> Kind Regards,
>> 
>> Regina Wilson
>> Project Coordinator, Open Source and Threat Intelligence
>> regiwils at cisco.com <mailto:regiwils at cisco.com>
>> 
>> 
>> <talos_sig[4].png>
>> 
>> On Jun 8, 2016, at 11:51 PM, Gary Kramlich <grim at reaperworld.com> wrote:
>> 
>> On 06/06/2016 02:59 PM, Ethan Blanton wrote:
>> 
>> Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) spake unto us the following wisdom:
>> 
>> Thanks for the prompt response.  We are ok with a few days extension.
>> Will 1 additional week from the 60 day mark help?
>> 
>> 
>> If you would like to preemptively push back one week, that sounds good
>> to us.  We will then present June 21 as a hard deadline to the
>> packagers, giving them two weeks total, which seems fair.
>> 
>> 
>> Regina, is June 21 acceptable?  If so I would like propose setting the
>> time for the embargo to be 00:00 UTC on 20160621.  Please let me know if
>> this is acceptable as I need to pass it on to the distributions.
>> 
>> Ethan
>> 
>> 
>> Thanks,
>> 
>> --
>> Gary Kramlich
>> 
>> 
>> 
> 
> Thanks,
> 
> --
> Gary Kramlich <grim at reaperworld.com <mailto:grim at reaperworld.com>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160620/d568293d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: talos_sig[4].png
Type: image/png
Size: 8573 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160620/d568293d/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160620/d568293d/attachment-0001.sig>

More information about the security mailing list