Author: carnil
Date: 2015-08-25 10:18:38 +0000 (Tue, 25 Aug 2015)
New Revision: 36292
Modified:
data/CVE/list
Log:
Mark new ntp issues as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-25 09:53:02 UTC (rev 36291)
+++ data/CVE/list 2015-08-25 10:18:38 UTC (rev 36292)
@@ -3442,7 +3442,10 @@
RESERVED
CVE-2015-5219 [infinite loop in sntp processing crafted packet]
RESERVED
- - ntp 1:4.2.8p3+dfsg-1
+ - ntp 1:4.2.8p3+dfsg-1 (low)
+ [jessie] - ntp <no-dsa> (Minor issue)
+ [wheezy] - ntp <no-dsa> (Minor issue)
+ [squeeze] - ntp <no-dsa> (Minor issue)
NOTE:
https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8
CVE-2015-5218
RESERVED
@@ -3499,15 +3502,24 @@
RESERVED
CVE-2015-5196 [config command can be used to set the pidfile and drift file
paths]
RESERVED
- - ntp <unfixed>
+ - ntp <unfixed> (low)
+ [jessie] - ntp <no-dsa> (Minor issue)
+ [wheezy] - ntp <no-dsa> (Minor issue)
+ [squeeze] - ntp <no-dsa> (Minor issue)
NOTE: Patch attached to
http://www.openwall.com/lists/oss-security/2015/08/25/3
CVE-2015-5195 [ntpd crash when processing config commands with statistics type]
RESERVED
- - ntp 1:4.2.8p3+dfsg-1
+ - ntp 1:4.2.8p3+dfsg-1 (low)
+ [jessie] - ntp <no-dsa> (Minor issue)
+ [wheezy] - ntp <no-dsa> (Minor issue)
+ [squeeze] - ntp <no-dsa> (Minor issue)
NOTE:
https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be
CVE-2015-5194 [crash with crafted logconfig configuration command]
RESERVED
- - ntp 1:4.2.8p3+dfsg-1
+ - ntp 1:4.2.8p3+dfsg-1 (low)
+ [jessie] - ntp <no-dsa> (Minor issue)
+ [wheezy] - ntp <no-dsa> (Minor issue)
+ [squeeze] - ntp <no-dsa> (Minor issue)
NOTE:
https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27
NOTE: Fixed in 4.2.7p42
CVE-2015-5193
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
