[Secure-testing-commits] r46408 - in data: . CVE

Ola Lundqvist opal at moszumanska.debian.org
Mon Nov 21 22:05:28 UTC 2016 

Author: opal
Date: 2016-11-21 22:05:28 +0000 (Mon, 21 Nov 2016)
New Revision: 46408

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
ntp triaged.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-21 21:42:38 UTC (rev 46407)
+++ data/CVE/list	2016-11-21 22:05:28 UTC (rev 46408)
@@ -557,10 +557,14 @@
 	RESERVED
 	- ntp 1:4.2.8p9+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3119
+	NOTE: Can be considered for a non-dsa for LTS as it is about a service
+	NOTE: not normally enabled. Should be judged in more details.
 CVE-2016-9310
 	RESERVED
 	- ntp 1:4.2.8p9+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3118
+	NOTE: Can be considered for a non-dsa for LTS as it is about a problem
+	NOTE: where things are not configured according to recommentation. Should be judged in more details.
 CVE-2016-9309
 	RESERVED
 CVE-2016-9308
@@ -6231,21 +6235,25 @@
 	RESERVED
 	- ntp 1:4.2.8p9+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3082
+	NOTE: Only possible to trigger from hosts in allow mrulist query.
 CVE-2016-7433
 	RESERVED
 	- ntp 1:4.2.8p9+dfsg-1
+	[wheezy] - ntp <no-dsa> (Minor problem)
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3067
 CVE-2016-7432
 	RESERVED
 CVE-2016-7431
 	RESERVED
 	- ntp 1:4.2.8p9+dfsg-1
+	[wheezy] - ntp <not-affected> (Vulnerable code introduced later)
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3102
 CVE-2016-7430
 	RESERVED
 CVE-2016-7429
 	RESERVED
 	- ntp 1:4.2.8p9+dfsg-1
+	[wheezy] - nto <no-dsa> (Minor issue, only possible if rp_filter is 0)
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3072
 CVE-2016-7428
 	RESERVED

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-11-21 21:42:38 UTC (rev 46407)
+++ data/dla-needed.txt	2016-11-21 22:05:28 UTC (rev 46408)
@@ -82,6 +82,8 @@
 --
 mcabber
 --
+ntp
+--
 monit
 --
 mysql-connector-python

More information about the Secure-testing-commits mailing list