[ntp:security] Talos Security Advisory for NTP (TALOS-2016-0203, TALOS-2016-0204)

Regina Wilson -T (regiwils - ETTAIN GROUP INC at Cisco) regiwils at cisco.com
Fri Oct 14 14:27:45 UTC 2016


Hello Harlan,

I am following up on any updates/developments for the reported issues.  Is there a scheduled release timeline (actual or tentative)?

Kind Regards,

Regina Wilson
Project Coordinator
regiwils at cisco.com <mailto:regiwils at cisco.com>





> On Sep 24, 2016, at 3:55 AM, Harlan Stenn <stenn at nwtime.org> wrote:
> 
> Got it, thanks!
> 
> H
> 
> On 9/23/16 10:47 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
> Cisco) wrote:
>> Hello Harlan,
>> 
>> Please confirm receipt of the encrypted reports below which include advisory and
>> trigger inputs.
>> 
>> 
>> 
>> 
>> *Regina Wilson*
>> Project Coordinator
>> regiwils at cisco.com <mailto:regiwils at cisco.com>
>> 
>> 
>> 
>> 
>> 
>>> On Sep 23, 2016, at 8:08 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>> Cisco) <regiwils at cisco.com <mailto:regiwils at cisco.com>> wrote:
>>> 
>>> Hello Harlan,
>>> 
>>> I’ve checked with our research team and confirmed there are no other bugs in
>>> progress as of now.
>>> 
>>> Kind Regards,
>>> *Regina Wilson*
>>> Project Coordinator
>>> regiwils at cisco.com <mailto:regiwils at cisco.com>
>>> 
>>> 
>>> <image001.png>
>>> 
>>>> On Sep 20, 2016, at 6:05 PM, Harlan Stenn <stenn at nwtime.org
>>>> <mailto:stenn at nwtime.org>> wrote:
>>>> 
>>>> Regina and Matt,
>>>> 
>>>> Do you have anything else in-progress?
>>>> 
>>>> It can really mess up our delivery schedules when we only hear about
>>>> these things when you have them in "finished form".
>>>> 
>>>> Thanks!
>>>> 
>>>> H
>>>> 
>>>> On 9/20/16 9:30 AM, Regina Wilson -T (regiwils - ETTAIN GROUP INC at
>>>> Cisco) wrote:
>>>>> Hello Danny,
>>>>> 
>>>>> The Cisco Talos team has found a security vulnerability impacting NTP
>>>>> customers.
>>>>> Please review the attached file encrypted with your PGP for the following
>>>>> issues:
>>>>> 
>>>>> TALOS-2016-0203
>>>>> TALOS-2016-0204
>>>>> 
>>>>> 
>>>>> 
>>>>> For further information about the Cisco Vendor Vulnerability Reporting and
>>>>> Disclosure Policy please refer to this document which also links to our public
>>>>> PGP key.
>>>>> http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
>>>>> 
>>>>> 
>>>>> Please CC vulndev at cisco.com <mailto:vulndev at cisco.com>
>>>>> <mailto:vulndev at cisco.com> on all correspondence
>>>>> related to this issue.
>>>>> 
>>>>> *Regina Wilson*
>>>>> Project Coordinator
>>>>> regiwils at cisco.com <mailto:regiwils at cisco.com> <mailto:regiwils at cisco.com>
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>> 
>>>> --
>>>> Harlan Stenn <stenn at nwtime.org <mailto:stenn at nwtime.org>>
>>>> http://networktimefoundation.org <http://networktimefoundation.org/> - be a
>>>> member!
>>>> 
>>> 
>> 
>> 
>> 
>> _______________________________________________
>> security mailing list
>> security at lists.ntp.org
>> http://lists.ntp.org/listinfo/security
>> 
> 
> --
> Harlan Stenn <stenn at nwtime.org>
> http://networktimefoundation.org - be a member!
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20161014/c689ada0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 8573 bytes
Desc: not available
URL: <http://lists.ntp.org/private/security/attachments/20161014/c689ada0/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.ntp.org/private/security/attachments/20161014/c689ada0/attachment.sig>


More information about the security mailing list