-=| Kurt Roeckx, 13.02.2016 11:49:24 +0100 |=-
> On Sat, Feb 13, 2016 at 10:06:23AM +0000, Damyan Ivanov wrote:
> > Hello dear maintainer(s),
> >
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of ntp:
> > https://security-tracker.debian.org/tracker/source-package/ntp
>
> I was under the impression that squeeze LTS support ended?
Ends on 29 February. See
https://lists.debian.org/debian-announce/2016/msg00002.html
> > Note that all of the squeeze-relevant issues are still open in the
> > "newer" Debian releases (wheezy through sid).
>
> I'm waiting for upstream to actually fix things. I estimate it's
> going to take 2 months.
When this happens, do you plan to do a wheezy-lts upload too? (wheeszy
will gain LTS support in March).
BTW CVE-2016-0727 seems to me to be Debian-specific, since the cron
job is part of debian/. In case you missed it, there is a patch for it
at
http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
> They're all not that important.
Cheers,
dam
Attachment:
signature.asc
Description: Digital signature