Well, that was scary and a little overwhelming but it turns out we're in remarkably good shape: I've now merged patches for what look to be the only three out of the eleven issues that impact us, and two of those only dubiously qualify as vulnerabilities at all. Before I ask Mark to tag a release I need to take a second look at couple of these and then write release notes, but if you're already running a git snapshot of NTPsec then now's a fine time to pull.
On 4/28/16, Mark Atwood <fallenpega...@gmail.com> wrote: > Folks, > > Late Tuesday night, NTP.org made a release containing 11 security fixes. > Some of these vulnerabilities were also reported to the NTPsec project, and > we planned for a coordinated release and disclosure. Unfortunately, several > others caught us by surprise, and this surprise comes at an inconvenient > time because most of the team is about to get on a plane for our FTF > meeting in Detroit. In spite of this, we're > working hard to get these fixes reviewed, merged, tested, and into a > release, > which we expect will come early next week. > > ..m > _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
