Author: jmm
Date: 2016-06-21 18:15:20 +0000 (Tue, 21 Jun 2016)
New Revision: 42677

Modified:
   data/CVE/list
Log:
more ntp triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-06-21 17:44:22 UTC (rev 42676)
+++ data/CVE/list       2016-06-21 18:15:20 UTC (rev 42677)
@@ -2423,6 +2423,7 @@
 CVE-2016-4953
        RESERVED
        - ntp 1:4.2.8p8+dfsg-1
+       [jessie] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 
wasn't backported)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045
 CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request]
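Review bot: the reason on the added [jessie] line for CVE-2016-4953 says "Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported", and the "or" leaves it unclear which of the two fixes the not-affected status depends on. If one of them is the relevant change, name only that one; if both matter, write "neither ... was backported" so the claim can be checked against the jessie patch set. The entry also gets no [wheezy] line, unlike the CVE-2016-1549 entry later in this commit.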
@@ -9344,6 +9345,7 @@
 CVE-2016-2519 [ctl_getitem() return value not always checked]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
+       [jessie] - ntp <no-dsa> (Minor issue)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
 CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference]
        RESERVED
@@ -9352,9 +9354,10 @@
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
 CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values 
are not properly validated]
        RESERVED
-       - ntp 1:4.2.8p7+dfsg-1
-       NOTE: CVE-2016-2517 is for a regression caused by the patch for 
CVE-2016-2516
+       - ntp 1:4.2.8p7+dfsg-1 (unimportant)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
+       NOTE: not a security issue, anyone with the privileges for remote 
configuration can
+       NOTE: cause trouble anyway
 CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion 
failure]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
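Review bot: in the CVE-2016-2517 entry, the removed NOTE stating that this CVE is a regression caused by the patch for CVE-2016-2516 is dropped without replacement, and it was the only line relating the bug to a specific change. The new "not a security issue" NOTEs and the (unimportant) tag cover severity, not origin, so consider keeping the regression NOTE alongside them.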
@@ -12928,8 +12931,9 @@
 CVE-2016-1549 [Sybil attack with trustedkey]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
+       [jessie] - ntp <no-dsa> (Minor issue)
+       [wheezy] - ntp <no-dsa> (Minor issue)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
-       TODO: check
 CVE-2016-1548 [Change the time of an ntpd client or deny service to an ntpd 
client by forcing it to change from basic client/server mode to interleaved 
symmetric mode.]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
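Review bot: in the CVE-2016-1549 entry, "TODO: check" is removed and both [jessie] and [wheezy] are marked <no-dsa> (Minor issue), but nothing records what the check concluded. A short NOTE giving the reason the trustedkey Sybil attack is considered minor would let a later reader verify the triage instead of repeating it.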


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits