[Secure-testing-commits] r43871 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Mon Aug 8 17:32:50 UTC 2016
Author: opal
Date: 2016-08-08 17:32:50 +0000 (Mon, 08 Aug 2016)
New Revision: 43871
Modified:
data/CVE/list
data/dla-needed.txt
Log:
NTP update not needed. Wheezy is as unaffected as jessie is. Confirmed by Kurt Roeckx.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-08 16:42:28 UTC (rev 43870)
+++ data/CVE/list 2016-08-08 17:32:50 UTC (rev 43871)
@@ -5790,6 +5790,7 @@
CVE-2016-4953 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...)
- ntp 1:4.2.8p8+dfsg-1
[jessie] - ntp <not-affected> (Upstream fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
+ [wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045
CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request]
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-08-08 16:42:28 UTC (rev 43870)
+++ data/dla-needed.txt 2016-08-08 17:32:50 UTC (rev 43871)
@@ -44,9 +44,6 @@
nettle (Ola Lundqvist)
NOTE: Original patch had some unintended side effects: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
--
-ntp (Ola Lundqvist)
- NOTE: up to now maintainer did the LTS uploads
---
openssl
NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
NOTE: because the wheezy version is completely missing the checks being
More information about the Secure-testing-commits
mailing list