[ntp:security] Talos VulnDev Follow up - NTP Vulnerability

Harlan Stenn stenn at nwtime.org
Tue Apr 12 18:48:09 UTC 2016


Thanks, Regina, we appreciate it. 

Sent from my iPhone - please excuse brevity and typos

> On Apr 12, 2016, at 10:57 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
> 
> Hello Harlan,
> 
> Thank you for the updated timeline.  We will coordinate release on our end accordingly.
> 
> Kind Regards,
> Regina Wilson
> Project Coordinator, Open Source and Threat Intelligence
> regiwils at cisco.com
> 
> 
> <talos_sig[4].png>
> 
>> On Apr 12, 2016, at 12:41 PM, Harlan Stenn <stenn at nwtime.org> wrote:
>> 
>> Hi Regina,
>> 
>> We're planning a pre-release to advance security release partners today, availability to folks who follow CERT next Tuesday, the 19th, and public release on Tuesday the 26th. 
>> 
>> Sent from my iPhone - please excuse brevity and typos
>> 
>>> On Apr 12, 2016, at 4:53 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
>>> 
>>> Hello Harlan,
>>> 
>>> I’d like to confirm today’s version release which will address the identified vulnerabilities.  Please advise if there’s a particular time today which you’d like to coordinate the disclosure release.
>>> 
>>> Thank you,
>>> 
>>> 
>>> Regina Wilson
>>> Project Coordinator, Open Source and Threat Intelligence
>>> regiwils at cisco.com
>>> 
>>> 
>>> <talos_sig[4].png>
>>> 
>>>> On Mar 25, 2016, at 8:15 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) <regiwils at cisco.com> wrote:
>>>> 
>>>> Thank you for the update.
>>>> 
>>>> Kind Regards,
>>>> 
>>>> Regina Wilson
>>>> Project Coordinator, Open Source and Threat Intelligence
>>>> regiwils at cisco.com
>>>> 
>>>> 
>>>> <talos_sig[4].png>
>>>> 
>>>>> On Mar 24, 2016, at 10:25 PM, Harlan Stenn <stenn at nwtime.org> wrote:
>>>>> 
>>>>> 
>>>>> 
>>>>> On 3/24/16 6:17 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>>> Cisco) wrote:
>>>>>> Hello Harlan,
>>>>>> 
>>>>>> Can you also confirm if the following vuln will be addressed in the release?
>>>>>> 
>>>>>> TALOS-CAN-0132 - CVE-2016-1551
>>>>> 
>>>>> Yes, 018-refclock-peering (TALOS-CAN-0132) is fixed and will be part of
>>>>> 4.2.8p7.
>>>>> 
>>>>> H
>>>>> ---
>>>>> 
>>>>>> I’ve attached encrypted zip file with advisory for your review.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> *Regina Wilson*
>>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>>> regiwils at cisco.com <mailto:regiwils at cisco.com>
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On Mar 23, 2016, at 8:40 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at 
>>>>>>> Cisco) <regiwils at cisco.com <mailto:regiwils at cisco.com>> wrote:
>>>>>>> 
>>>>>>> Hello Harlan,
>>>>>>> 
>>>>>>> Thank you for the update.
>>>>>>> 
>>>>>>> Kind Regards,
>>>>>>> 
>>>>>>> *Regina Wilson*
>>>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>>>> regiwils at cisco.com <mailto:regiwils at cisco.com>
>>>>>>> 
>>>>>>> 
>>>>>>> <talos_sig[4].png>
>>>>>>> 
>>>>>>>> On Mar 22, 2016, at 4:58 PM, Harlan Stenn <stenn at nwtime.org 
>>>>>>>> <mailto:stenn at nwtime.org>> wrote:
>>>>>>>> 
>>>>>>>> Hi,
>>>>>>>> 
>>>>>>>> These are all scheduled for the 4.2.8p7 release, which we now think will
>>>>>>>> be released to the public on 12 April.
>>>>>>>> 
>>>>>>>> On 3/22/16 7:10 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>>>>>> Cisco) wrote:
>>>>>>>>> Hello,
>>>>>>>>> 
>>>>>>>>> I am following up on any updates for disclosure release schedules for the
>>>>>>>>> following vulnerabilities:
>>>>>>>>> 
>>>>>>>>> TALOS-CAN-0081 - CVE-2016-1547
>>>>>>>>> TALOS-CAN-0082 - CVE-2016-1548
>>>>>>>>> TALOS-CAN-0083 - CVE 2016-1549
>>>>>>>>> TALOS-CAN-0084 - CVE 2016-1550
>>>>>>>>> 
>>>>>>>>> For further information about our disclosure process and PGP key for the
>>>>>>>>> vulnerability team, please see
>>>>>>>>> http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
>>>>>>>>> 
>>>>>>>>> *Regina Wilson*
>>>>>>>>> Project Coordinator, Open Source and Threat Intelligence
>>>>>>>>> regiwils at cisco.com <mailto:regiwils at cisco.com><mailto:regiwils at cisco.com>
>>>>>>>> 
>>>>>>>> --
>>>>>>>> Harlan Stenn <stenn at nwtime.org <mailto:stenn at nwtime.org>>
>>>>>>>> http://networktimefoundation.org <http://networktimefoundation.org/>- be a 
>>>>>>>> member!
>>>>> 
>>>>> -- 
>>>>> Harlan Stenn <stenn at nwtime.org>
>>>>> http://networktimefoundation.org - be a member!
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20160412/6033a2f5/attachment.html>


More information about the security mailing list