[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Security update of ntp

Hi Kurt

As a member of the LTS team I have started to look into a ntp security update of CVE-2016-4953 mentioned here:

I see that you have prepared security updates for Debian wheezy in the past so I would like to check with you if you want to do it this time too, or if you'd like me to do that for you.

Or alternatively that you know it is a non-issue already.

I can see the following comment about jessie in the security tracker:
[jessie] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)

But it looks like ntp-4.2.6p5-cve-2015-7979.patch is in the wheezy version so I guess it is affected, or?

I have not looked into the details yet as I want to check with you first whether you know about this already (I guess you do).

Best regards

// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

Reply to: