← Back to branch summary

~ubuntu-branches/ubuntu/maverick/ntp/maverick-proposed

« back to all changes in this revision

Viewing changes to debian/changelog

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2009-05-19 15:26:41 UTC
  • Revision ID: james.westby@ubuntu.com-20090519152641-ctb02x7tfqv5e9a8
Tags: 1:4.2.4p6+dfsg-1ubuntu2
* SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
  - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
    snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
    adjust ntp_peer.c and ntp_timer.c to do the same.
  - CVE-2009-1252
* SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
  server
  - debian/patches/CVE-2009-0159.patch: increase size of buffer in
    cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
  - CVE-2009-0159

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/changelog
 
1
ntp (1:4.2.4p6+dfsg-1ubuntu2) karmic; urgency=low
 
2
 
 
3
  * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
 
4
    - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
 
5
      snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
 
6
      adjust ntp_peer.c and ntp_timer.c to do the same.
 
7
    - CVE-2009-1252
 
8
  * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
 
9
    server
 
10
    - debian/patches/CVE-2009-0159.patch: increase size of buffer in
 
11
      cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
 
12
    - CVE-2009-0159
 
13
 
 
14
 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 19 May 2009 15:26:41 -0500
 
15
 
1
16
ntp (1:4.2.4p6+dfsg-1ubuntu1) karmic; urgency=low
2
17
 
3
18
  * Merge from Debian unstable, remaining changes: