Shortly after publishing my article on Skycoin hardware wallet issues,
I discovered that the Skycoin developers had missed two important patches for old upstream firmware vulnerabilities in the Trezor that were still present in their code,
so I reported that problem as well.
The buffer overflow vulnerability in particular could have a serious security impact depending on firmware compilation settings, but there are indications that this is not the case for the Skycoin firmware.
In this case, the problematic code is located here.
Reporting the issues was fairly quick and straightforward.
Since encrypted communication with the vendor was already established and upstream patches for the problems were available, the disclosure process was finished in less than a month and with little overhead.