Your message dated Sat, 21 Oct 2006 08:02:16 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#387627: fixed in ntp 1:4.2.2.p4+dfsg-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ntp
Version: 4.2.2+dfsg.2-1
Severity: grave
Tags: patch
Coin,
In the included getnameinfo() compatibility function, an off-by-one may
lead to memory corruption and even security issues. A patch is attached.
Regards.
--- orig/libntp/ntp_rfc2553.c 2006-09-14 16:21:40.000000000 +0000
+++ new/libntp/ntp_rfc2553.c 2006-09-14 16:22:00.000000000 +0000
@@ -302,7 +302,7 @@
}
if (host != NULL) {
strncpy(host, hp->h_name, hostlen);
- host[hostlen] = '\0';
+ host[hostlen - 1] = '\0';
}
return (0);
}
--
Marc Dequènes (Duck)
pgpLqP3GfleGA.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: ntp
Source-Version: 1:4.2.2.p4+dfsg-1
We believe that the bug you reported is fixed in the latest version of
ntp, which is due to be installed in the Debian FTP archive:
ntp-doc_4.2.2.p4+dfsg-1_all.deb
to pool/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-1_all.deb
ntp-refclock_4.2.2.p4+dfsg-1_all.deb
to pool/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-1_all.deb
ntp-simple_4.2.2.p4+dfsg-1_all.deb
to pool/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-1_all.deb
ntp_4.2.2.p4+dfsg-1.diff.gz
to pool/main/n/ntp/ntp_4.2.2.p4+dfsg-1.diff.gz
ntp_4.2.2.p4+dfsg-1.dsc
to pool/main/n/ntp/ntp_4.2.2.p4+dfsg-1.dsc
ntp_4.2.2.p4+dfsg-1_i386.deb
to pool/main/n/ntp/ntp_4.2.2.p4+dfsg-1_i386.deb
ntp_4.2.2.p4+dfsg.orig.tar.gz
to pool/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
ntpdate_4.2.2.p4+dfsg-1_i386.deb
to pool/main/n/ntp/ntpdate_4.2.2.p4+dfsg-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Eisentraut <[EMAIL PROTECTED]> (supplier of updated ntp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 21 Oct 2006 16:34:35 +0200
Source: ntp
Binary: ntp-simple ntp-refclock ntp-doc ntpdate ntp
Architecture: source all i386
Version: 1:4.2.2.p4+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian NTP Team <[EMAIL PROTECTED]>
Changed-By: Peter Eisentraut <[EMAIL PROTECTED]>
Description:
ntp - Network Time Protocol daemon and utility programs
ntp-doc - Network Time Protocol documentation
ntp-refclock - transition package
ntp-simple - transition package
ntpdate - client for setting system time from NTP servers
Closes: 387627
Changes:
ntp (1:4.2.2.p4+dfsg-1) unstable; urgency=low
.
* New upstream release
- Fixes off-by-one error in compat getnameinfo() (closes: #387627)
- Updated autotools.patch
* Fixed watch file for mangled version number
* Split out configure.ac hunk from autotools.patch into logical pieces
- Removed error cache disabling code, which was nonfunctional from the
start
* Added web sites to package descriptions
Files:
ae7fa7a239b7f4e7e881abc1d8c2f933 890 net optional ntp_4.2.2.p4+dfsg-1.dsc
ad746cda2d90dbb9ed06fe164273c5d0 2199764 net optional
ntp_4.2.2.p4+dfsg.orig.tar.gz
1fa11782824a074530a8152d538273be 179101 net optional
ntp_4.2.2.p4+dfsg-1.diff.gz
a702654b4160c6dc8aa0383761a4c646 903570 doc optional
ntp-doc_4.2.2.p4+dfsg-1_all.deb
d39ee8abb33d44de35be3f8ab0f5e76e 27910 net optional
ntp-simple_4.2.2.p4+dfsg-1_all.deb
e6dff20422842f31e180955810ef5771 27918 net optional
ntp-refclock_4.2.2.p4+dfsg-1_all.deb
48fc49092ef2de986bc2e06937a30402 329682 net optional
ntp_4.2.2.p4+dfsg-1_i386.deb
5c4fb91aebec33926db10a5ffc9debf6 57366 net optional
ntpdate_4.2.2.p4+dfsg-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFOjGVTTx8oVVPtMYRAjkvAKC7yIbDgTj2yUxpVliEe86GOA4IggCeMR8b
I1ERkfxjJ1DZJ5lM1cLUrTo=
=bZ3V
-----END PGP SIGNATURE-----
--- End Message ---
