1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
PublicDateAtUSN: 2015-02-05
Candidate: CVE-2014-9297
PublicDate: 2015-10-05
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297
http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever
http://www.ubuntu.com/usn/usn-2497-1
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750,
CVE-2014-9751. Reason: this ID was intended for one issue, but was
associated with two issues. Notes: All CVE users should consult
CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All
references and descriptions in this candidate have been removed to prevent
accidental usage.
Ubuntu-Description:
Notes:
mdeslaur> Debian's patch in 1:4.2.6.p5+dfsg-4 seems to be missing the
mdeslaur> first commit.
Bugs:
http://bugs.ntp.org/show_bug.cgi?id=2671
Priority: medium
Discovered-by: Stephen Roettger, Sebastian Krahmer, Harlan Stenn
Assigned-to: mdeslaur
Patches_ntp:
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5492d353ncauuWt_PONxaDhC5Qv_SA
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=54a7c595jlwS3KmAxBML75HFGLR_pQ
upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=54abb266In81wLNAqIaovtP8f2UmUw
vendor: https://www.debian.org/security/2015/dsa-3154
upstream_ntp: released (1:4.2.6.p5+dfsg-4)
lucid_ntp: released (1:4.2.4p8+dfsg-1ubuntu2.3)
precise_ntp: released (1:4.2.6.p3+dfsg-1ubuntu3.3)
trusty_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.2)
utopic_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.10.2)
devel_ntp: released (4.2.6.p5+dfsg-3ubuntu4)
|