Author: jmm
Date: 2016-06-21 18:15:20 +0000 (Tue, 21 Jun 2016)
New Revision: 42677
Modified: data/CVE/list Log: more ntp triage Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-06-21 17:44:22 UTC (rev 42676) +++ data/CVE/list 2016-06-21 18:15:20 UTC (rev 42677) @@ -2423,6 +2423,7 @@ CVE-2016-4953 RESERVED - ntp 1:4.2.8p8+dfsg-1 + [jessie] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045 CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request] @@ -9344,6 +9345,7 @@ CVE-2016-2519 [ctl_getitem() return value not always checked] RESERVED - ntp 1:4.2.8p7+dfsg-1 + [jessie] - ntp <no-dsa> (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference] RESERVED @@ -9352,9 +9354,10 @@ NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values are not properly validated] RESERVED - - ntp 1:4.2.8p7+dfsg-1 - NOTE: CVE-2016-2517 is for a regression caused by the patch for CVE-2016-2516 + - ntp 1:4.2.8p7+dfsg-1 (unimportant) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security + NOTE: not a security issue, anyone with the privileges for remote configuration can + NOTE: cause trouble anyway CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion failure] RESERVED - ntp 1:4.2.8p7+dfsg-1 
@@ -12928,8 +12931,9 @@ CVE-2016-1549 [Sybil attack with trustedkey] RESERVED - ntp 1:4.2.8p7+dfsg-1 + [jessie] - ntp <no-dsa> (Minor issue) + [wheezy] - ntp <no-dsa> (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security - TODO: check CVE-2016-1548 [Change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode.] RESERVED - ntp 1:4.2.8p7+dfsg-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
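Review bot: In the CVE-2016-4953 hunk, the justification "Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported" is ambiguous about which fix introduced the affected code, so a reader cannot tell which backport would invalidate the <not-affected> status. Name the specific fix, or write "neither fix was backported" if that is what is meant. The entry also covers only [jessie], while the CVE-2016-1549 hunk in the same commit tags both [jessie] and [wheezy]; if the same reasoning holds for wheezy, add the matching line.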
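Review bot: In the CVE-2016-2519 hunk, "[jessie] - ntp <no-dsa> (Minor issue)" gives no reason for the rating of an unchecked ctl_getitem() return value. A one-line NOTE stating why it is minor, in the way the CVE-2016-2517 hunk explains its "(unimportant)" tag, would let later triage verify the decision. There is also no [wheezy] line here, unlike the CVE-2016-1549 entry.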
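Review bot: In the CVE-2016-2517 hunk, the line "NOTE: CVE-2016-2517 is for a regression caused by the patch for CVE-2016-2516" is dropped without explanation, and the log message ("more ntp triage") does not say whether it was wrong. If the statement is accurate it is worth keeping next to the new notes, since anyone backporting the CVE-2016-2516 fix needs to know it can introduce this issue. If it was incorrect, say so in the log. The new "(unimportant)" rationale itself reads clearly.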
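Review bot: In the CVE-2016-1549 hunk, "TODO: check" is removed but the outcome of the check is not recorded; the entry only gains "<no-dsa> (Minor issue)" for jessie and wheezy. Add a NOTE summarising what was checked and why a Sybil attack with trustedkey is considered minor, so the decision can be revisited without repeating the analysis.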