Your message dated Tue, 26 Sep 2017 20:04:54 +0200 with message-id <1506448725@msgid.manchmal.in-ulm.de> and subject line Re: busybox: CVE-2016-6301: NTP server denial of service flaw has caused the Debian Bug report #833442, regarding busybox: CVE-2016-6301: NTP server denial of service flaw to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 833442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: busybox: CVE-2016-6301: NTP server denial of service flaw
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 04 Aug 2016 14:23:04 +0200
- Message-id: <147031338423.4247.18052078286281892681.reportbug@lorien.valinor.li>
Source: busybox Version: 1:1.22.0-9 Severity: normal Tags: security upstream patch Hi, the following vulnerability was published for busybox. The config CONFIG_NTPD is not enabled by default, so this only would affect rebuild packages. It is thus marked unimportant in the security-tracker. Opened the bug to track the issue in BTS. CVE-2016-6301[0]: NTP server denial of service flaw If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-6301 Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: 833442-done@bugs.debian.org
- Subject: Re: busybox: CVE-2016-6301: NTP server denial of service flaw
- From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
- Date: Tue, 26 Sep 2017 20:04:54 +0200
- Message-id: <1506448725@msgid.manchmal.in-ulm.de>
- In-reply-to: <147031338423.4247.18052078286281892681.reportbug@lorien.valinor.li>
- References: <147031338423.4247.18052078286281892681.reportbug@lorien.valinor.li>
fixed 833442 1:1.27.2-1 thanks > the following vulnerability was published for busybox. The config > CONFIG_NTPD is not enabled by default, so this only would affect > rebuild packages. It is thus marked unimportant in the > security-tracker. Opened the bug to track the issue in BTS. > > CVE-2016-6301[0]: > NTP server denial of service flaw > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. This was fixed in the recent upload to unstable/sid which already migrated to testing/buster. Since the ntpd module is not enabled in Debian's busybox build, it's basically a change in unsued sources that wasn't worth being mentioned in the changelog. For the same reason this will not be handled in (old){0,2}stable. Now closing. ChristophAttachment: signature.asc
Description: Digital signature
--- End Message ---