ntpd uses the OpenSSL EVP_VerifyFinal function and incorrectly check the return code, refer to bug 251346 for details. ntpd upstream will release a patch shortly.
public via URL
ntp-4.2.4_p6 now in the tree
Arches, please test and mark stable: =net-misc/ntp-4.2.4_p6 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64/x86 stable
hppa stable
ppc64 done
alpha/ia64/s390/sh/sparc stable
ppc stable and i guess we want a GLSA on this one.
GLSA filed.
GLSA 200904-05