The summary line is too short to hold all CVEs, they are: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871 Upstream advisory: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities The latest ntp release 4.2.8_p4 fixes various security vulnerabilities. Some of them are related to a research paper from Boston University (worth reading) about NTP security: http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf Seems no single one of the bugs is super-serious, the most serious one is a crypto bypass for symmetric authentication (which is rarely used as far as I'm aware). Please bump.
I have bumped net-misc/ntp to 4.2.8_p4 after asking WilliamH for permission to touch a base-system package.
Maintainer(s), please advise if you when you are ready for stabilization or call for stabilization yourself.
the code is generally fine, but the tests have gotten ... bad
This issue was resolved and addressed in GLSA 201607-15 at https://security.gentoo.org/glsa/201607-15 by GLSA coordinator Aaron Bauman (b-man).