[ntp:security] Talos VulnDev Follow up - NTP Vulnerability

Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) regiwils at cisco.com
Tue Apr 12 11:53:46 UTC 2016


Hello Harlan,

I’d like to confirm today’s version release which will address the identified vulnerabilities.  Please advise if there’s a particular time today which you’d like to coordinate the disclosure release.

Thank you,


Regina Wilson
Project Coordinator, Open Source and Threat Intelligence
regiwils at cisco.com




> On Mar 25, 2016, at 8:15 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
> 
> Thank you for the update.
> 
> Kind Regards,
> 
> Regina Wilson
> Project Coordinator, Open Source and Threat Intelligence
> regiwils at cisco.com <mailto:regiwils at cisco.com>
> 
> 
> <talos_sig[4].png>
> 
>> On Mar 24, 2016, at 10:25 PM, Harlan Stenn <stenn at nwtime.org <mailto:stenn at nwtime.org>> wrote:
>> 
>> 
>> 
>> On 3/24/16 6:17 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>> Cisco) wrote:
>>> Hello Harlan,
>>> 
>>> Can you also confirm if the following vuln will be addressed in the release?
>>> 
>>> TALOS-CAN-0132 - CVE-2016-1551
>> 
>> Yes, 018-refclock-peering (TALOS-CAN-0132) is fixed and will be part of
>> 4.2.8p7.
>> 
>> H
>> ---
>> 
>>> I’ve attached encrypted zip file with advisory for your review.
>>> 
>>> 
>>> 
>>> 
>>> *Regina Wilson*
>>> Project Coordinator, Open Source and Threat Intelligence
>>> regiwils at cisco.com <mailto:regiwils at cisco.com> <mailto:regiwils at cisco.com <mailto:regiwils at cisco.com>>
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On Mar 23, 2016, at 8:40 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>> Cisco) <regiwils at cisco.com <mailto:regiwils at cisco.com> <mailto:regiwils at cisco.com <mailto:regiwils at cisco.com>>> wrote:
>>>> 
>>>> Hello Harlan,
>>>> 
>>>> Thank you for the update.
>>>> 
>>>> Kind Regards,
>>>> 
>>>> *Regina Wilson*
>>>> Project Coordinator, Open Source and Threat Intelligence
>>>> regiwils at cisco.com <mailto:regiwils at cisco.com> <mailto:regiwils at cisco.com <mailto:regiwils at cisco.com>>
>>>> 
>>>> 
>>>> <talos_sig[4].png>
>>>> 
>>>>> On Mar 22, 2016, at 4:58 PM, Harlan Stenn <stenn at nwtime.org <mailto:stenn at nwtime.org>
>>>>> <mailto:stenn at nwtime.org <mailto:stenn at nwtime.org>>> wrote:
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> These are all scheduled for the 4.2.8p7 release, which we now think will
>>>>> be released to the public on 12 April.
>>>>> 
>>>>> On 3/22/16 7:10 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>>> Cisco) wrote:
>>>>>> Hello,
>>>>>> 
>>>>>> I am following up on any updates for disclosure release schedules for the
>>>>>> following vulnerabilities:
>>>>>> 
>>>>>> TALOS-CAN-0081 - CVE-2016-1547
>>>>>> TALOS-CAN-0082 - CVE-2016-1548
>>>>>> TALOS-CAN-0083 - CVE 2016-1549
>>>>>> TALOS-CAN-0084 - CVE 2016-1550
>>>>>> 
>>>>>> For further information about our disclosure process and PGP key for the
>>>>>> vulnerability team, please see
>>>>>> http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html <http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html>
>>>>>> 
>>>>>> *Regina Wilson*
>>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>>> regiwils at cisco.com <mailto:regiwils at cisco.com><mailto:regiwils at cisco.com>
>>>>> 
>>>>> --
>>>>> Harlan Stenn <stenn at nwtime.org <mailto:stenn at nwtime.org> <mailto:stenn at nwtime.org <mailto:stenn at nwtime.org>>>
>>>>> http://networktimefoundation.org <http://networktimefoundation.org/> <http://networktimefoundation.org/ <http://networktimefoundation.org/>>- be a
>>>>> member!
>>>> 
>>> 
>> 
>> --
>> Harlan Stenn <stenn at nwtime.org <mailto:stenn at nwtime.org>>
>> http://networktimefoundation.org <http://networktimefoundation.org/> - be a member!
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20160412/aaf8af2d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: talos_sig[4].png
Type: image/png
Size: 8573 bytes
Desc: not available
URL: <http://lists.ntp.org/private/security/attachments/20160412/aaf8af2d/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.ntp.org/private/security/attachments/20160412/aaf8af2d/attachment-0001.sig>


More information about the security mailing list