[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Start tracking ntpsec as well for february's ntp security advisory
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 8 06:22:39 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83cf247d by Salvatore Bonaccorso at 2018-03-08T07:21:25+01:00
Start tracking ntpsec as well for february's ntp security advisory
According to upstream's confirmation in
https://lists.ntpsec.org/pipermail/devel/2018-March/006008.html
only one of the CVEs from the ntp security advisory from
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
is applicable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1860,25 +1860,31 @@ CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -inse
NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote ...)
- ntp <unfixed>
+ - ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating ...)
- ntp <unfixed>
+ - ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7183 [ntpq:decodearr() can write beyond its buffer limit]
RESERVED
- ntp <unfixed>
+ - ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7182 (The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows ...)
- ntp <unfixed>
+ - ntpsec 1.0.0+dfsg1-5
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+ NOTE: Fixed by (ntpsec): https://gitlab.com/NTPsec/ntpsec/commit/6d6aa6da0fe685011f5a9633c3618409af8349d7
+ NOTE: https://lists.ntpsec.org/pipermail/devel/2018-March/006008.html
CVE-2018-7181
RESERVED
CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
@@ -1929,6 +1935,7 @@ CVE-2018-7171
RESERVED
CVE-2018-7170 (nptd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows ...)
- ntp <unfixed>
+ - ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/83cf247d5469df9a73db8fbff02cb2eb3b724865
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/83cf247d5469df9a73db8fbff02cb2eb3b724865
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180308/f8dd7317/attachment-0001.html>
More information about the Secure-testing-commits
mailing list