[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [venglin@FREEBSD.LUBLIN.PL: ntpd =< 4.0.99k remote buffer overflow]



On Thu, Apr 05, 2001 at 12:26:42AM -0400, Noah L. Meyerhans wrote:
> Yes.  The fix has been made in the FreeBSD CVS repository.  I'm going to
> see about integrating it with our sources now.  If I get a safe copy
> built I'll make a signed .deb available.  I'm not a member of the
> official Debian security team, though, so you shouldn't necessarily
> trust me...

OK, I've made some patched files available for potato i386.  I was not
able to get ntpd to build on my sid system.  The files are available at
http://web.morgul.net/~frodo/ntp/  The actual patch is available there
as well.  It was taken from
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/contrib/ntp/ntpd/ntp_control.c.diff?r1=1.1.1.2&r2=1.1.1.2.2.1

There are gpg detached sigs for the key files, just in case.  Regarding 
verification of my keys...that might be more tricky.  My key ID is 
11404EC3 and the fingerprint is 
D896 D80A C030 7F05 701E  D535 62B5 4B8C 1140 4EC3

The key is available from the keyservers and has been signed by
hugo@debian.org (among others).

Remember that there's nothing official about this package.  I made it to
patch a security hole.  It will be up to the debian security team to
handle the creation of the official packages.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpsvhr5FYI3X.pgp
Description: PGP signature


Reply to: