Your message dated Mon, 21 Nov 2016 19:19:48 +0000
with message-id <[email protected]>
and subject line Bug#839998: fixed in ntp 1:4.2.8p9+dfsg-2
has caused the Debian Bug report #839998,
regarding ntp: CVE-2016-0727: NTP statsdir cleanup cronjob insecure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
839998: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839998
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ntp
Version: 1:4.2.6.p5+dfsg-2
Severity: normal
Tags: security patch
Hi,
the following vulnerability was published for ntp.
CVE-2016-0727[0]:
NTP statsdir cleanup cronjob insecure
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-0727
[1]
http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ntp
Source-Version: 1:4.2.8p9+dfsg-2
We believe that the bug you reported is fixed in the latest version of
ntp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated ntp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 21 Nov 2016 20:09:17 +0100
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source
Version: 1:4.2.8p9+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
ntp - Network Time Protocol daemon and utility programs
ntp-doc - Network Time Protocol documentation
ntpdate - client for setting system time from NTP servers
Closes: 839998
Changes:
ntp (1:4.2.8p9+dfsg-2) unstable; urgency=medium
.
* CVE-2016-0727: NTP statsdir cleanup cronjob insecure (Closes: #839998)
Patch by Salvatore Bonaccorso <[email protected]>. Patch was dropped
in 1:4.2.8p9+dfsg-1.
Checksums-Sha1:
8dde0a4b583d19cefbd5753667551e35f020d5d6 2227 ntp_4.2.8p9+dfsg-2.dsc
5c198057a8f79d6b5f9606adc612bcce152f68c2 53900 ntp_4.2.8p9+dfsg-2.debian.tar.xz
Checksums-Sha256:
16ed698d33884718a9f2c8f799215768e091b22e954b33ff17924e87007d350a 2227
ntp_4.2.8p9+dfsg-2.dsc
9cb06c11359f00f39376d3df43f62c9393ed788222e55e0edd368ee61bba04c8 53900
ntp_4.2.8p9+dfsg-2.debian.tar.xz
Files:
24820d1d18b1f9143935ce8344e24426 2227 net optional ntp_4.2.8p9+dfsg-2.dsc
7e4f04cacd7904d91a985d94a5ff6ddf 53900 net optional
ntp_4.2.8p9+dfsg-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYM0ckAAoJEOPE3c0eTBJEHqQQAIFPMyylKib6gkI7YzwAncUt
DjsHS5zuLrKX6GfWoJqB7dksAeL4KVwc7ifFXiVGie+HSP1wb1R9/6UcpwAWAbP3
qw3o0G0rtx0/xeLg6pMXSHmieVgR6FegIrPxGjco44e8Gxa0QdVTQizv1WJgAsOt
C1de2bsrr4PUKdaXSB7Ql26XGr8q96l6iOfBR8xK2P0WcwJ8nnNDZENxPueia+jh
AjiVI+sG7QK1NC6cjvdnvWz5ZK5J9shGpukUNvVOB4tg5ZfBmfLNROEpI67kBlrE
tficoJDtum9xWYFABTrO8FQsf8GGXtAwCroqcrkbZ+8LjDYbVLDtvnJEqCfNCOGV
aSBSsYUdnDYb6BuXiy08uWxhbLX6YqAFlNyHpUi2+2jnauFxFRvh0EZoy05byu+m
+R0sw3KWYItDUDu6rAIexKtW/prNfNOrkJNRUMzvt+VnuJD8xIY3M7GWWGF5UXEs
LeB3SMe8RjO4cUjLqdomHSFo0JTX2UcTjnK2nCqEXsqwecM/frCIeTADPT4YWFqK
mzn//3SWLTW898vJBuhDvzzcbDNbBbn2OyXJR6eeIYhtU8NIQRoCeE8vxIBEeNaJ
BfTFLRFf1IvQcPJuVFYPRjt5HvV16tTvW3D+wXVoejyKLSSlY5ZqVnD03PNlaazF
Clklwahtac6UCOnbNqRB
=tdbB
-----END PGP SIGNATURE-----
--- End Message ---
