Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 697024 (CVE-2015-5300) - <net-misc/ntpsec-1.1.7-r1: outdated systemd unit file allows for (CVE-2015-5300)
Summary: <net-misc/ntpsec-1.1.7-r1: outdated systemd unit file allows for (CVE-2015-5300)
Alias: CVE-2015-5300
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on: 694748
  Show dependency tree
Reported: 2019-10-09 00:15 UTC by Alessandro Barbieri
Modified: 2020-04-16 07:49 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alessandro Barbieri 2019-10-09 00:15:23 UTC
Upstream provides a systemd unit that fixes the vulnerability since v1.1.0
but the ebuild installs the old one

see for a possible patch
Comment 1 Larry the Git Cow gentoo-dev 2019-10-26 17:51:01 UTC
The bug has been referenced in the following commit(s):

commit def2c6ace829ce9e98c8963802a0b3baf916ac72
Author:     Thomas Deutschmann <>
AuthorDate: 2019-10-26 17:49:47 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2019-10-26 17:50:54 +0000

    net-misc/ntpsec: update unit file to avoid CVE-2015-5300
    Package-Manager: Portage-2.3.78, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <>

 net-misc/ntpsec/files/ntpd-r1.service                 | 19 +++++++++++++++++++
 .../{ntpsec-1.1.7.ebuild => ntpsec-1.1.7-r1.ebuild}   |  2 +-
 net-misc/ntpsec/ntpsec-9999.ebuild                    |  2 +-
 3 files changed, 21 insertions(+), 2 deletions(-)
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2020-03-19 20:32:22 UTC
Maintainer(s), please drop the vulnerable version(s).

GLSA Vote: No
Comment 3 NATTkA bot gentoo-dev 2020-04-12 19:29:21 UTC
Unable to check for sanity:

> dependent bug #694748 is missing keywords
Comment 4 NATTkA bot gentoo-dev 2020-04-13 14:40:53 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev Security 2020-04-16 07:49:06 UTC
Cleanup is part of bug 694748
Thank you all for you work. 
Closing as [noglsa].