Hi Kurt Thanks a lot for a quick and good answer. Will mark it as unaffected in wheezy too then.
Best regards // Ola On Mon, Aug 8, 2016 at 6:30 PM, Kurt Roeckx <k...@roeckx.be> wrote: > On Mon, Aug 08, 2016 at 01:12:28PM +0200, Ola Lundqvist wrote: > > Hi Kurt > > > > As a member of the LTS team I have started to look into a ntp security > > update of CVE-2016-4953 mentioned here: > > https://security-tracker.debian.org/tracker/source-package/ntp > > > > I see that you have prepared security updates for Debian wheezy in the > past > > so I would like to check with you if you want to do it this time too, or > if > > you'd like me to do that for you. > > > > Or alternatively that you know it is a non-issue already. > > > > I can see the following comment about jessie in the security tracker: > > [jessie] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 > > wasn't backported) > > > > But it looks like ntp-4.2.6p5-cve-2015-7979.patch is in the wheezy > version > > so I guess it is affected, or? > > > > I have not looked into the details yet as I want to check with you first > > whether you know about this already (I guess you do). > > First, the situation for wheezy and jessie should be identical. > They have the same upstream source and should have the same > patches for all security issues. > > The fix we use for CVE-2015-7979 is unrelated to the upstream fix, > and so we're not affected by what the upstream patch broke. > > > Kurt > > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------