[Secure-testing-commits] r49940 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Wed Mar 22 20:01:40 UTC 2017
Author: opal
Date: 2017-03-22 20:01:39 +0000 (Wed, 22 Mar 2017)
New Revision: 49940
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triaging for ntp.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-22 19:52:32 UTC (rev 49939)
+++ data/CVE/list 2017-03-22 20:01:39 UTC (rev 49940)
@@ -1781,6 +1781,7 @@
CVE-2017-6462 [Buffer Overflow in DPTS Clock]
RESERVED
- ntp <unfixed>
+ [wheezy] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3388
CVE-2017-6461
REJECTED
@@ -1795,7 +1796,10 @@
CVE-2017-6458 [Potential Overflows in ctl_put() functions]
RESERVED
- ntp <unfixed>
+ [wheezy] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3379
+ NOTE: The vulnerability can only be triggered by adding very long
+ NOTE: variable names (200 bytes or more) in ntpd.conf file.
CVE-2017-6457
REJECTED
CVE-2017-6456
@@ -1815,6 +1819,7 @@
CVE-2017-6451 [Improper use of snprintf() in mx4200_send()]
RESERVED
- ntp <unfixed>
+ [wheezy] - ntp <not-affected> (Vulnerable code not enabled at build time)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3378
CVE-2017-6450
RESERVED
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-03-22 19:52:32 UTC (rev 49939)
+++ data/dla-needed.txt 2017-03-22 20:01:39 UTC (rev 49940)
@@ -100,6 +100,9 @@
NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/
NOTE: -- Jonas Meurer
--
+ntp
+ NOTE: The maintainer have done security updates in the past.
+--
partclone
--
pcre3 (Antoine Beaupré)
More information about the Secure-testing-commits
mailing list