We just sent the message below to the security advisory predisclosure list, relating to the release of XSA-26 to XSA-32. As you will see, these have now been publicly released. We''ll have a proper conversation about this in a week or two. Thanks for your attention, Ian. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We regret to announce that a member of the predisclosure list discovered today that they had failed to abort their disclosure process in response to the embargo extension for XSA-26 to XSA-32. The information in XSA-26 to XSA-32 has been publicly available since at least Friday the 30th of November. They reported the situation to us. Under the circumstances we must regard the embargo as at an end. All members of the predisclosure list are advised to publish and deploy their updates for XSA-26 to XSA-32 inclusive as soon as they are able to do so. Updated versions of XSA-26 to XSA-32, stating that they are now public, will be sent out shortly - both to the predisclosure list and to the public lists, according to the usual process. As usual when we have had difficulties with the process the Xen.org security team will conduct a full post mortem. The post mortem will consider the decision to extend the embargo, as well as the decision now to regard the embargo as over. As before, to allow members of the community to concentrate entirely on patching their systems right now, we will delay starting that conversation until at least Thursday the 13th of December. Xen.org security team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQvOEHAAoJEIP+FMlX6CvZpGUIAKx0W9bSoUiywC7B3WXhcvfO Zl+7D60p8w6FjZRD/YU04r4AYblg1nKGI6zlROXtbjj8UyFCtHglYPAnNfJKmV4C nyKHtg8iuiNV6zPYlEoU7rLAu4QwN/dFRmMOFAQr2Qilxu7D12e8vM1jP79c5lU6 w0ujSnJZxnrVTn/sZiOS1SgHsy7MVAyglOYFl4tT+LYbuxUl/G4QpccpM4ilJ7CC ELXQtfyQcvEzXQuWB9fTUS+0d+1ilx8ASXhnnHZtT+juxp/s6AXqCJZBbCbTWZDQ 9T0qrur96marKTK15XilPQN3XgoCQrZgLccndDpmIq9HBTx3tSLyrB9EbTF+5WY=Dd4h -----END PGP SIGNATURE-----