1
PublicDateAtUSN: 2015-02-05
2
Candidate: CVE-2014-9297
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297
6
http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever
7
https://usn.ubuntu.com/usn/usn-2497-1
9
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750,
10
CVE-2014-9751. Reason: this ID was intended for one issue, but was
11
associated with two issues. Notes: All CVE users should consult
12
CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All
13
references and descriptions in this candidate have been removed to prevent
17
mdeslaur> Debian's patch in 1:4.2.6.p5+dfsg-4 seems to be missing the
18
mdeslaur> first commit.
20
http://bugs.ntp.org/show_bug.cgi?id=2671
22
Discovered-by: Stephen Roettger, Sebastian Krahmer, Harlan Stenn
26
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5492d353ncauuWt_PONxaDhC5Qv_SA
27
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=54a7c595jlwS3KmAxBML75HFGLR_pQ
28
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=54abb266In81wLNAqIaovtP8f2UmUw
29
vendor: https://www.debian.org/security/2015/dsa-3154
30
upstream_ntp: released (1:4.2.6.p5+dfsg-4)
31
lucid_ntp: released (1:4.2.4p8+dfsg-1ubuntu2.3)
32
precise_ntp: released (1:4.2.6.p3+dfsg-1ubuntu3.3)
33
trusty_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.2)
34
utopic_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.10.2)
35
devel_ntp: released (4.2.6.p5+dfsg-3ubuntu4)