[ntp:security] Talos VulnDev Follow up - NTP Vulnerability

Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) regiwils at cisco.com
Tue Apr 12 17:57:34 UTC 2016


Hello Harlan,

Thank you for the updated timeline.  We will coordinate release on our end accordingly.

Kind Regards,
Regina Wilson
Project Coordinator, Open Source and Threat Intelligence
regiwils at cisco.com




> On Apr 12, 2016, at 12:41 PM, Harlan Stenn <stenn at nwtime.org> wrote:
> 
> Hi Regina,
> 
> We're planning a pre-release to advance security release partners today, availability to folks who follow CERT next Tuesday, the 19th, and public release on Tuesday the 26th.
> 
> Sent from my iPhone - please excuse brevity and typos
> 
> On Apr 12, 2016, at 4:53 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
> 
>> Hello Harlan,
>> 
>> I’d like to confirm today’s version release which will address the identified vulnerabilities.  Please advise if there’s a particular time today which you’d like to coordinate the disclosure release.
>> 
>> Thank you,
>> 
>> 
>> Regina Wilson
>> Project Coordinator, Open Source and Threat Intelligence
>> regiwils at cisco.com
>> 
>> 
>> 
>>> On Mar 25, 2016, at 8:15 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
>>> 
>>> Thank you for the update.
>>> 
>>> Kind Regards,
>>> 
>>> Regina Wilson
>>> Project Coordinator, Open Source and Threat Intelligence
>>> regiwils at cisco.com
>>> 
>>> 
>>> 
>>>> On Mar 24, 2016, at 10:25 PM, Harlan Stenn <stenn at nwtime.org> wrote:
>>>> 
>>>> 
>>>> 
>>>> On 3/24/16 6:17 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>> Cisco) wrote:
>>>>> Hello Harlan,
>>>>> 
>>>>> Can you also confirm if the following vuln will be addressed in the release?
>>>>> 
>>>>> TALOS-CAN-0132 - CVE-2016-1551
>>>> 
>>>> Yes, 018-refclock-peering (TALOS-CAN-0132) is fixed and will be part of
>>>> 4.2.8p7.
>>>> 
>>>> H
>>>> ---
>>>> 
>>>>> I’ve attached an encrypted zip file with the advisory for your review.
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> *Regina Wilson*
>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>> regiwils at cisco.com
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>>> On Mar 23, 2016, at 8:40 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>>>> Cisco) <regiwils at cisco.com> wrote:
>>>>>> 
>>>>>> Hello Harlan,
>>>>>> 
>>>>>> Thank you for the update.
>>>>>> 
>>>>>> Kind Regards,
>>>>>> 
>>>>>> *Regina Wilson*
>>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>>> regiwils at cisco.com
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On Mar 22, 2016, at 4:58 PM, Harlan Stenn <stenn at nwtime.org> wrote:
>>>>>>> 
>>>>>>> Hi,
>>>>>>> 
>>>>>>> These are all scheduled for the 4.2.8p7 release, which we now think will
>>>>>>> be released to the public on 12 April.
>>>>>>> 
>>>>>>> On 3/22/16 7:10 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>>>>> Cisco) wrote:
>>>>>>>> Hello,
>>>>>>>> 
>>>>>>>> I am following up on any updates for disclosure release schedules for the
>>>>>>>> following vulnerabilities:
>>>>>>>> 
>>>>>>>> TALOS-CAN-0081 - CVE-2016-1547
>>>>>>>> TALOS-CAN-0082 - CVE-2016-1548
>>>>>>>> TALOS-CAN-0083 - CVE-2016-1549
>>>>>>>> TALOS-CAN-0084 - CVE-2016-1550
>>>>>>>> 
>>>>>>>> For further information about our disclosure process and PGP key for the
>>>>>>>> vulnerability team, please see
>>>>>>>> http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
>>>>>>>> 
>>>>>>>> *Regina Wilson*
>>>>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>>>>> regiwils at cisco.com
>>>>>>> 
>>>>>>> --
>>>>>>> Harlan Stenn <stenn at nwtime.org>
>>>>>>> http://networktimefoundation.org - be a member!
>>>>>> 
>>>>> 
>>>> 
>>>> --
>>>> Harlan Stenn <stenn at nwtime.org>
>>>> http://networktimefoundation.org - be a member!
>>>> 
>>> 
>> 
