On Sun, 2015-10-25 at 22:45 +0100, Kurt Roeckx wrote: > On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote: [...] > > > While I have addiotional patches for: > > > CVE-2014-9750.patch (it was missing 1 patch while it was fixed it > > > seems) > > > > Which is split from CVE-2014-9297. > > From what I understand CVE-2014-9297 was changed to CVE-2014-9750 > and CVE-2014-9298 to CVE-2014-9751 because someone mixed them up. > There is nothing split. > > In any case, there is a patch missing. OK, which one is that? I looked through the upstream commits for bug 2671 and they all seemed to have been included in CVE-2014-9297.patch. > > > ntp-4.2.6p5-cve-2015-5219.patch > > > ntp-4.2.6p5-cve-2015-5195.patch > > > ntp-4.2.6p5-cve-2015-5194.patch > > > ntp-4.2.6p5-cve-2015-5146.patch > > > > These were already marked as no-DSA-required in the security > > tracker. > > I don't see why we shouldn't fix them. [...] Sure, that wasn't an objection. Ben. -- Ben Hutchings Never attribute to conspiracy what can adequately be explained by stupidity.
Description: This is a digitally signed message part