[ubuntu/karmic] ntp 1:4.2.4p6+dfsg-1ubuntu2 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Tue May 19 21:30:14 BST 2009 

ntp (1:4.2.4p6+dfsg-1ubuntu2) karmic; urgency=low

  * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
    - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
      snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
      adjust ntp_peer.c and ntp_timer.c to do the same.
    - CVE-2009-1252
  * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
    server
    - debian/patches/CVE-2009-0159.patch: increase size of buffer in
      cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
    - CVE-2009-0159

Date: Tue, 19 May 2009 15:26:41 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/ntp/1:4.2.4p6+dfsg-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 19 May 2009 15:26:41 -0500
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source
Version: 1:4.2.4p6+dfsg-1ubuntu2
Distribution: karmic
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 ntp        - Network Time Protocol daemon and utility programs
 ntp-doc    - Network Time Protocol documentation
 ntpdate    - client for setting system time from NTP servers
Changes: 
 ntp (1:4.2.4p6+dfsg-1ubuntu2) karmic; urgency=low
 .
   * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
     - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
       snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
       adjust ntp_peer.c and ntp_timer.c to do the same.
     - CVE-2009-1252
   * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
     server
     - debian/patches/CVE-2009-0159.patch: increase size of buffer in
       cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
     - CVE-2009-0159
Checksums-Sha1: 
 430a60cc9e25fa01f8359aa8d6ad4803cb49a6c8 1548 ntp_4.2.4p6+dfsg-1ubuntu2.dsc
 a1d5e813ebac9e68dc5139be6276e0a8885e3912 341801 ntp_4.2.4p6+dfsg-1ubuntu2.diff.gz
Checksums-Sha256: 
 9fcc199da0ba2c0f38024c8f75a24e28964f983c218c338a2cc43296e2e49105 1548 ntp_4.2.4p6+dfsg-1ubuntu2.dsc
 f3f6e3d9dd2ba7b5bfb7a9fe8a7440ff8963243e5074c8803dcef572e50abec6 341801 ntp_4.2.4p6+dfsg-1ubuntu2.diff.gz
Files: 
 d8cec1200ff17ee602e55b4ef6c6c43e 1548 net optional ntp_4.2.4p6+dfsg-1ubuntu2.dsc
 0f84da7e5f5f40b8c04ab01590f5b637 341801 net optional ntp_4.2.4p6+dfsg-1ubuntu2.diff.gz
Original-Maintainer: Debian NTP Team <pkg-ntp-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoTFnsACgkQW0JvuRdL8BriUwCfTtm3Ur61OUxXdg5tBB5EUT/7
FvcAoJbfO3gJf7AIhb+MyTMuFuJAstRw
=hiJn
-----END PGP SIGNATURE-----

More information about the Karmic-changes mailing list