This bug was fixed in the package ntp - 1:4.2.8p4+dfsg-3ubuntu5.3
---
ntp (1:4.2.8p4+dfsg-3ubuntu5.3) xenial-security; urgency=medium
* SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
- debian/patches/CVE-2015-7973.patch: improve timestamp verification in
Wily has reached end of support, closing as Won't Fix.
** Also affects: ntp (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: ntp (Ubuntu Wily)
Status: New => Won't Fix
** Changed in: ntp (Ubuntu Xenial)
Status: New => Triaged
--
You received this bug
This bug was fixed in the package ntp - 1:4.2.8p4+dfsg-3ubuntu6
---
ntp (1:4.2.8p4+dfsg-3ubuntu6) yakkety; urgency=medium
* SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
- debian/patches/CVE-2015-7973.patch: improve timestamp verification in
I'm afraid this might have been lost in tracking.
Also adding Security team (since it is a CVE) and setting triaged as a patch
that seems reasonable is available.
** Changed in: ntp (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of
** Also affects: ntp (Ubuntu Wily)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1528050
Title:
NTP statsdir cleanup cronjob insecure
To
** Also affects: ntp (Ubuntu Wily)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528050
Title:
NTP statsdir cleanup cronjob insecure
To manage
Done: Is is public via http://www.openwall.com/lists/oss-
security/2016/01/21/7 anyway.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
Done: Is is public via http://www.openwall.com/lists/oss-
security/2016/01/21/7 anyway.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The attachment "Patch just securing commands as they are" seems to be a
patch. If it isn't, please remove the "patch" flag from the attachment,
remove the "patch" tag, and if you are a member of the ~ubuntu-
reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad
The attachment "Patch just securing commands as they are" seems to be a
patch. If it isn't, please remove the "patch" flag from the attachment,
remove the "patch" tag, and if you are a member of the ~ubuntu-
reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad
10 matches
Mail list logo