Your message dated Tue, 18 Oct 2016 18:57:09 +0000 with message-id <e1bwzzv-0001ye...@franck.debian.org> and subject line Bug#839998: fixed in ntp 1:4.2.8p8+dfsg-1.1 has caused the Debian Bug report #839998, regarding ntp: CVE-2016-0727: NTP statsdir cleanup cronjob insecure to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 839998: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839998 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ntp Version: 1:4.2.6.p5+dfsg-2 Severity: normal Tags: security patch Hi, the following vulnerability was published for ntp. CVE-2016-0727[0]: NTP statsdir cleanup cronjob insecure If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-0727 [1] http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ntp Source-Version: 1:4.2.8p8+dfsg-1.1 We believe that the bug you reported is fixed in the latest version of ntp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 839...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ntp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 08 Oct 2016 19:32:52 +0200 Source: ntp Binary: ntp ntpdate ntp-doc Architecture: all source Version: 1:4.2.8p8+dfsg-1.1 Distribution: unstable Urgency: medium Maintainer: Debian NTP Team <pkg-ntp-maintain...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 839998 Description: ntp - Network Time Protocol daemon and utility programs ntp-doc - Network Time Protocol documentation ntpdate - client for setting system time from NTP servers Changes: ntp (1:4.2.8p8+dfsg-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2016-0727: NTP statsdir cleanup cronjob insecure (Closes: #839998) (LP: #1528050) Checksums-Sha1: d12f8b6adc3d31664f0bc26281787db3c292fc92 2393 ntp_4.2.8p8+dfsg-1.1.dsc e7fcc569e0e7926b4a8646a77cdc660254aa981a 53420 ntp_4.2.8p8+dfsg-1.1.debian.tar.xz c37fd67ecacc9fc774c5f1a04315d09331dde646 1190010 ntp-doc_4.2.8p8+dfsg-1.1_all.deb Checksums-Sha256: f9ab13800eb8b1edf9330cd5d90365c0119caf9ef2eee0a8a7a8437048dd34f9 2393 ntp_4.2.8p8+dfsg-1.1.dsc f75ffa7ab398f6caa1faf94dbb08ad356c493206b4cdb7a27266cc2b0be24110 53420 ntp_4.2.8p8+dfsg-1.1.debian.tar.xz 7a5f751c26a7a7eb2c6b459440bc938dfb13c34316c69794c60c6c86dadb6bc7 1190010 ntp-doc_4.2.8p8+dfsg-1.1_all.deb Files: 88fe3afecb191f9f6022d569683a247f 2393 net optional ntp_4.2.8p8+dfsg-1.1.dsc ef2ca139599bd41cfd92abd1365f8f87 53420 net optional ntp_4.2.8p8+dfsg-1.1.debian.tar.xz aa6ffab47634960c141e92536cbbd4dc 1190010 doc optional ntp-doc_4.2.8p8+dfsg-1.1_all.deb -----BEGIN PGP SIGNATURE----- iQKPBAEBCgB5BQJX+S7zXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRCPY D/4ivumlc64S0WDJl0R90EzdHZSRS/90c2EWaFEaWEv8EARSHZeFknBE4PeQDYPN FBNsvj9+s5c5dNh0iUxVi0gQEEDR5cfUhWns+0/o/dScQRX/91tHWAtTdDmC8KLg vWYaWV4wn/xXBwmfzfO6M+8Cfv42MityRL/S0EbnKRJC9KP69TUaJqtrvwwwnvEE NkPl+qRfsAU7rw0ujJfa4owW+Rb6orShCQCfkMpfrzB1rz67IsACseIQY446yd97 5EakCX5hbSmGNSmHUFg6qjhlfYtYabYkT5iC33u9Vw25V6yDqKFsG6fn0k3XRrEM CiPlLALY58z+Jr3pILUykB2DSL74v+2XoZi6DIIk8iRbDTqJ5wCISeo5XmHLOMfB UK4q3DAB2se6L6lYJRpzaLcVExyXV4rgownxGHRWgnRpJObHcHpl0LMsKwyO0+1/ AYrRzJSsWmgXXw6UWUk3e8yvGfzGlw1NpjoJPzx98qqXi0bhgTo5okWhJWoY46UY /y0lYGDI6On7L/Dd0eOJ5I3XVn8ESirkT63ucuiIudQ5+lKUvpko7kfdMag/HeAX 6BmtyY0WQfXVl0DafWb+7ifc+oD+mA+Yc4imSvf55D8BsA5ZbcIwmRurRpF/8rgF iMp8D/M7XsD2sG9WfZG8pQ/g7lI6tpgANhzA2KcWYnqfjA== =52jP -----END PGP SIGNATURE-----
--- End Message ---
