Bug#719203: chrony: CVE-2012-4502 and CVE-2012-4503

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#719203: chrony: CVE-2012-4502 and CVE-2012-4503
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 09 Aug 2013 10:46:07 +0200
Message-id: <[🔎] 20130809084607.16879.65363.reportbug@elende.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 719203@bugs.debian.org

Package: chrony
Severity: important

Hi,

the following vulnerabilities were published for chrony.

CVE-2012-4502[0]:
Buffer overflow when processing crafted command packets

CVE-2012-4503[1]:
Uninitialized data in command replies

Upstream commits fixing these issues are at [2] and [3]. See also [4].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2012-4502
[1] http://security-tracker.debian.org/tracker/CVE-2012-4503
[2] http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1
[3] http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
[4] http://permalink.gmane.org/gmane.comp.time.chrony.announce/15

Regards,
Salvatore

Reply to:

Prev by Date: Bug#717992: marked as done (moodle,moodle-book: error when trying to install together)
Next by Date: Bug#655039: update: work can procede
Previous by thread: Bug#717992: marked as done (moodle,moodle-book: error when trying to install together)
Next by thread: Bug#655039: update: work can procede
Index(es):
- Date
- Thread