[ntp:security] Talos VulnDev Follow up - NTP Vulnerability

Harlan Stenn stenn at nwtime.org
Tue Apr 12 16:41:25 UTC 2016


Hi Regina,

We're planning a pre-release to advance security release partners today, availability to folks who follow CERT next Tuesday, the 19th, and public release on Tuesday the 26th. 

Sent from my iPhone - please excuse brevity and typos

> On Apr 12, 2016, at 4:53 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
> 
> Hello Harlan,
> 
> I’d like to confirm today’s version release which will address the identified vulnerabilities.  Please advise if there’s a particular time today which you’d like to coordinate the disclosure release.
> 
> Thank you,
> 
> 
> Regina Wilson
> Project Coordinator, Open Source and Threat Intelligence
> regiwils at cisco.com
> 
> 
> <talos_sig[4].png>
> 
>> On Mar 25, 2016, at 8:15 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
>> 
>> Thank you for the update.
>> 
>> Kind Regards,
>> 
>> Regina Wilson
>> Project Coordinator, Open Source and Threat Intelligence
>> regiwils at cisco.com
>> 
>> 
>> <talos_sig[4].png>
>> 
>>> On Mar 24, 2016, at 10:25 PM, Harlan Stenn <stenn at nwtime.org> wrote:
>>> 
>>> 
>>> 
>>> On 3/24/16 6:17 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>> Cisco) wrote:
>>>> Hello Harlan,
>>>> 
>>>> Can you also confirm if the following vuln will be addressed in the release?
>>>> 
>>>> TALOS-CAN-0132 - CVE-2016-1551
>>> 
>>> Yes, 018-refclock-peering (TALOS-CAN-0132) is fixed and will be part of
>>> 4.2.8p7.
>>> 
>>> H
>>> ---
>>> 
>>>> I’ve attached encrypted zip file with advisory for your review.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> *Regina Wilson*
>>>> Project Coordinator, Open Source and Threat Intelligence
>>>> regiwils at cisco.com <mailto:regiwils at cisco.com>
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On Mar 23, 2016, at 8:40 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at 
>>>>> Cisco) <regiwils at cisco.com <mailto:regiwils at cisco.com>> wrote:
>>>>> 
>>>>> Hello Harlan,
>>>>> 
>>>>> Thank you for the update.
>>>>> 
>>>>> Kind Regards,
>>>>> 
>>>>> *Regina Wilson*
>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>> regiwils at cisco.com <mailto:regiwils at cisco.com>
>>>>> 
>>>>> 
>>>>> <talos_sig[4].png>
>>>>> 
>>>>>> On Mar 22, 2016, at 4:58 PM, Harlan Stenn <stenn at nwtime.org 
>>>>>> <mailto:stenn at nwtime.org>> wrote:
>>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> These are all scheduled for the 4.2.8p7 release, which we now think will
>>>>>> be released to the public on 12 April.
>>>>>> 
>>>>>> On 3/22/16 7:10 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>>>> Cisco) wrote:
>>>>>>> Hello,
>>>>>>> 
>>>>>>> I am following up on any updates for disclosure release schedules for the
>>>>>>> following vulnerabilities:
>>>>>>> 
>>>>>>> TALOS-CAN-0081 - CVE-2016-1547
>>>>>>> TALOS-CAN-0082 - CVE-2016-1548
>>>>>>> TALOS-CAN-0083 - CVE 2016-1549
>>>>>>> TALOS-CAN-0084 - CVE 2016-1550
>>>>>>> 
>>>>>>> For further information about our disclosure process and PGP key for the
>>>>>>> vulnerability team, please see
>>>>>>> http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
>>>>>>> 
>>>>>>> *Regina Wilson*
>>>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>>>> regiwils at cisco.com <mailto:regiwils at cisco.com><mailto:regiwils at cisco.com>
>>>>>> 
>>>>>> --
>>>>>> Harlan Stenn <stenn at nwtime.org <mailto:stenn at nwtime.org>>
>>>>>> http://networktimefoundation.org <http://networktimefoundation.org/>- be a 
>>>>>> member!
>>> 
>>> -- 
>>> Harlan Stenn <stenn at nwtime.org>
>>> http://networktimefoundation.org - be a member!
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20160412/98f86cc0/attachment.html>


More information about the security mailing list