Accepted ntpsec 1.1.3+dfsg1-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted ntpsec 1.1.3+dfsg1-1 (source) into unstable
From: Richard Laager <rlaager@wiktel.com>
Date: Thu, 17 Jan 2019 15:04:22 +0000
Message-id: <[🔎] E1gk9DS-000HSA-Ow@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Jan 2019 04:17:46 -0600
Source: ntpsec
Binary: ntpsec ntpsec-ntpdate ntpsec-ntpviz ntpsec-doc python3-ntp
Architecture: source
Version: 1.1.3+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Richard Laager <rlaager@wiktel.com>
Changed-By: Richard Laager <rlaager@wiktel.com>
Description:
 ntpsec     - Network Time Protocol daemon and utility programs
 ntpsec-doc - Network Time Protocol documentation
 ntpsec-ntpdate - client for setting system time from NTP servers
 ntpsec-ntpviz - NTP statistics graphing utility
 python3-ntp - Python 3 NTP Helper Classes
Closes: 919513
Changes:
 ntpsec (1.1.3+dfsg1-1) unstable; urgency=high
 .
   * New upstream version (Closes: 919513)
     - Lots of typo fixes, documentation cleanups, test targets.
     - CVE-2019-6442: "An authenticated attacker can write one byte out of
       bounds in ntpd via a malformed config request, related to
       config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and
       yyerror in ntp_parser.y."
     - CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based
       buffer over-read in read_sysvars in ntp_control.c in ntpd.
     - CVE-2019-6444: "process_control() in ntp_control.c has a stack-based
       buffer over-read because attacker-controlled data is dereferenced by
       ntohl() in ntpd."
     - CVE-2019-6445: "An authenticated attacker can cause a NULL pointer
       dereference and ntpd crash in ntp_control.c, related to ctl_getitem."
   * Drop debian/patches/fix-ntploggps.patch (merged upstream)
   * Refresh patches
   * Revert "Use python3-gps"
     At this time, python3-gps is only available in experimental.
   * Disable the waf PYTHON_GPS check
   * Update debian/copyright
   * Fix ntpdate.8 documentation of -B
   * Changes as of ntp_4.2.8p12+dfsg-3 have been merged as appropriate:
     - Update ntpdate.8 from ntpdate.html
       Thanks to Bernhard Schmidt <berni@debian.org>
     - Update ntpdate.README.Debian
       Thanks to Bernhard Schmidt <berni@debian.org>
     - As a notable exception, while the ntp package has removed the ntpdate
       hooks, I have not (yet?) done so in ntpsec.
   * Set Rules-Requires-Root: no
   * Sort debian/ntpsec.maintscript
Checksums-Sha1:
 cb7a77e51c191d2cffac80dfdf15e020a1e0fc16 2385 ntpsec_1.1.3+dfsg1-1.dsc
 a4edb6006102f5c641d7c3a786c7bb8eaee91f49 2490447 ntpsec_1.1.3+dfsg1.orig.tar.gz
 89a0f0c26e20893495478f6a4c4af013d3a3a674 44248 ntpsec_1.1.3+dfsg1-1.debian.tar.xz
 c4377c8a7c7cd5f16b8f3e174d9bf41405b27d25 9185 ntpsec_1.1.3+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 583ba864f845177857516279e1a08f60d9f52b4dd5176b91371da00ecc7b56ce 2385 ntpsec_1.1.3+dfsg1-1.dsc
 5e5525ea8ea2e75ce9fb6dbf47cb4cd919e8929ee9f99f2e00bfcf3d2f1a7410 2490447 ntpsec_1.1.3+dfsg1.orig.tar.gz
 98725fc86f92d6b0fc104bfc6b6310fde40c3c3dd756aabe156996b5cd7a8fc2 44248 ntpsec_1.1.3+dfsg1-1.debian.tar.xz
 3ca0393599113f307e56f2c2f7da8c8f27f93cb62c4b6fb8c9be24edd7c9d59a 9185 ntpsec_1.1.3+dfsg1-1_amd64.buildinfo
Files:
 57b2538607e125e188f9c559be5b7677 2385 net optional ntpsec_1.1.3+dfsg1-1.dsc
 7dac3394aa446a5799ca0f66bfa30217 2490447 net optional ntpsec_1.1.3+dfsg1.orig.tar.gz
 b150a0f0ca14139b74e4eb596584161e 44248 net optional ntpsec_1.1.3+dfsg1-1.debian.tar.xz
 f891b7fd3b55d77f13cfe34d93b6aaa4 9185 net optional ntpsec_1.1.3+dfsg1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlxAlGMUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpZXSBAAkE/E9rUMMSBLJHQuSKqUPh/T32sD
MH0NbGGEkjKiX2A4oG54UEXGlqKHK7FSigDXS9RyAUzZEBMTYHp6L3H/jsQrEsF1
33gnIJEaxAu3Yos/030Xwlf7n45JFnbFiBt6XWp3yVHnDtR7MBeYQngWQT5lRR8u
n7lCgtfU8ENlTCBtMV+rRb7JwmeJZnrX/BDb97y/AcQvwMgpB50gG3KCMMsg694/
rSNTKtCRLQwUSpENKnGw6+WtvEC23FsPCTXe2/Qv6ox8+/RIuN26s6sOc6ImEAj3
YmpRcKxgCPy3cnOKKs/EVFtp7SNCpiQyfZRVlyR396ncC78RD9kRoinOz1TVUsSA
gQfccVxNqVojta90NZTwUIv3CdNxiB/dYRA0EAoaVTt7kYUa1e9kkRbIOhCj9ZiR
FXho1UeGDYiLLhYzReMpWjgZCMnlSdjRGnGHp7JsDNn1YIrh5bCq5SxU+8AGTGia
qBiK+hlAHt7ljkPiqnGfHPuWuMGrCAt6pir/RrTDn47peR7G5EZbi3xG6QrvtHJ9
TEIrvrIp6wUfjzbnz7ZP14BDTbLL53/OJ/wQMuQPX8HtEUaO/6IccRwe6TP5GmPM
pPfbPCa7hbm+H36yLSkhMmcJxBxaCh6MKXfJXcUF+AOcv8WJNhO0kUv2VAk/ukGu
dkC6zuUjbFFKOyA=
=CM5C
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted python-debian 0.1.34 (source) into unstable
Next by Date: Accepted primesieve 7.3+ds-1 (source) into unstable
Previous by thread: Accepted python-debian 0.1.34 (source) into unstable
Next by thread: Accepted primesieve 7.3+ds-1 (source) into unstable
Index(es):
- Date
- Thread