Bug#833442: busybox: CVE-2016-6301: NTP server denial of service flaw

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#833442: busybox: CVE-2016-6301: NTP server denial of service flaw
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 04 Aug 2016 14:23:04 +0200
Message-id: <[🔎] 147031338423.4247.18052078286281892681.reportbug@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 833442@bugs.debian.org

Source: busybox
Version: 1:1.22.0-9
Severity: normal
Tags: security upstream patch

Hi,

the following vulnerability was published for busybox. The config
CONFIG_NTPD is not enabled by default, so this only would affect
rebuild packages. It is thus marked unimportant in the
security-tracker. Opened the bug to track the issue in BTS.

CVE-2016-6301[0]:
NTP server denial of service flaw

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6301

Regards,
Salvatore

Reply to:

Prev by Date: Bug#833434: choose-mirror: the package segfaults at any attempt to use
Next by Date: Bug#810301: merged /usr support for debootstrap
Previous by thread: Bug#833434: marked as done (choose-mirror: the package segfaults at any attempt to use)
Next by thread: Bug#810301: merged /usr support for debootstrap
Index(es):
- Date
- Thread