[Secure-testing-commits] r39071 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 21 21:36:05 UTC 2016
Author: carnil
Date: 2016-01-21 21:36:05 +0000 (Thu, 21 Jan 2016)
New Revision: 39071
Modified:
data/CVE/list
Log:
Add CVE-2015-8138/ntp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-21 21:10:17 UTC (rev 39070)
+++ data/CVE/list 2016-01-21 21:36:05 UTC (rev 39071)
@@ -6382,8 +6382,15 @@
RESERVED
CVE-2015-8139
RESERVED
-CVE-2015-8138
+CVE-2015-8138 [ntp: missing check for zero originate timestamp]
RESERVED
+ - ntp <unfixed>
+ NOTE: http://www.talosintel.com/reports/TALOS-2016-0077/
+ NOTE: https://github.com/ntp-project/ntp/commit/880191b72409a1965712999d248d70e6f7163af8
+ NOTE: The upstream fix for this issue is reported to be incomplete:
+ NOTE: http://bugs.ntp.org/show_bug.cgi?id=2945#c7
+ NOTE: http://lists.ntp.org/pipermail/hackers/2016-January/007406.html
+ TODO: check
CVE-2015-8137
RESERVED
CVE-2015-8136
More information about the Secure-testing-commits
mailing list