Summary: | <net-misc/ntp-4.2.8_p3: remote code execution in some configs, and a leap second issue (CVE-2015-5146) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.ntp.org/show_bug.cgi?id=2853 | ||
See Also: | http://bugs.ntp.org/show_bug.cgi?id=2853 | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 545836 |
Description
Sam James
2015-06-30 22:49:40 UTC
*** Bug 553686 has been marked as a duplicate of this bug. *** Commit message: Version bump http://sources.gentoo.org/net-misc/ntp/ntp-4.2.8_p3.ebuild?rev=1.1 (In reply to SpanKY from comment #2) > Commit message: Version bump > http://sources.gentoo.org/net-misc/ntp/ntp-4.2.8_p3.ebuild?rev=1.1 is it ok to go stable? yes, should be fine Please test and mark stable: =net-misc/ntp-4.2.8_p3 target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" amd64 stable Stable for HPPA PPC64. x86 stable Stable on alpha. arm stable ppc stable sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). Maintainer(s), please drop the vulnerable version(s). This issue was resolved and addressed in GLSA 201509-01 at https://security.gentoo.org/glsa/201509-01 by GLSA coordinator Kristian Fiskerstrand (K_F). Re-Opening for cleanup. Maintainer(s), please drop the vulnerable version(s). With base-system owning this, can this be cleaned up. Or can security clean up. We have quite a few vulnerable versions in tree. Arches and Maintainer(s), Thank you for your work. Closing |