[ntp:security] Talos Security Advisory (TALOS-2016-0260)
Harlan Stenn
stenn at nwtime.org
Tue Jan 24 20:51:08 UTC 2017
Hi Regina,
On 1/24/17 12:42 PM, Regina Wilson (regiwils) wrote:
> Hello,
>
> Please provide status of the issue reported below. Is this issue under review? If there’s a disclosure timeline, please advise. We prefer at least 2 business days notice of public release so we may coordinate on our end.
It's under review, we have a fix in mind that I'm 90%+ comfortable will
fix it, and when we're comfortable with it we'll send it to you for
checking. We will then do a T-2 week notice to our security partners,
and a T-1 week notice to CERT, followed a week later by the public release.
H
--
> Kind Regards,
>
> Regina Wilson
> Engineer. Research
> regiwils at cisco.com<mailto:regiwils at cisco.com>
>
>
>
>
> [cid:CFA14CB5-B7B2-4FF7-8313-22D495F607D5 at vrt.sourcefire.com]
>
> On Jan 4, 2017, at 9:17 AM, Regina Wilson (regiwils) <regiwils at cisco.com<mailto:regiwils at cisco.com>> wrote:
>
> Hello,
>
> The Cisco Talos team found a security vulnerability impacting NTP customers. As this is a sensitive security issue, we’ve provided the following report encrypted with your PGP key.
>
>
> <NTP Vulnerability Report.2016.0260.zip 2.gpg>
>
> For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy please refer to this document which also links to our public PGP key. http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
>
>
> Please CC vulndev at cisco.com<mailto:vulndev at cisco.com> on all correspondence related to this issue.
>
> Regina Wilson
> Engineer. Research
> regiwils at cisco.com<mailto:regiwils at cisco.com>
>
>
>
>
> <image001.png>
>
>
--
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!
More information about the security
mailing list