Talos Security Advisory for Pidgin

[Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco)]

Hello Ethan,

I am following up to see if you have any updates or new developments.  From our last communication, I’ve noted you will perform a coordinated release with a number of vendors that distribute Pidgin or lib purple library.  How is that coming along? Do you have a projected timeline?

Thank you,

Regina Wilson
Project Coordinator, Open Source and Threat Intelligence
regiwils at cisco.com




> On Apr 14, 2016, at 11:57 AM, Ethan Blanton <elb at pidgin.im> wrote:
> 
> Ethan Blanton spake unto us the following wisdom:
>> Ethan Blanton spake unto us the following wisdom:
>>> Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) spake unto us the following wisdom:
>>>> I’ve attached encrypted zip file including the advisories and trigger
>>>> input files.
>>> 
>>> Received.  I will distribute this to the rest of the Pidgin team today.
>> 
>> TALOS-CAN-0144 has no content in the zip you sent, and TALOS-CAN-0019
>> has a PoC and some network capture data, but no textual description;
>> are these intentionally so?
> 
> Correction re: 0019; the 0119 stuff has 0019 files, which confused me.
> It's just 0144 that is empty.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160510/d6285c9e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: talos_sig[4].png
Type: image/png
Size: 8573 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160510/d6285c9e/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160510/d6285c9e/attachment-0001.sig>