Concerning the ntp-4.2.8p8 security fixes

Daniel Franke dfoxfranke at
Thu Jun 2 18:32:24 UTC 2016

On 6/2/16, Sanjeev Gupta <ghane0 at> wrote:
> On Fri, Jun 3, 2016 at 2:00 AM, Daniel Franke <dfoxfranke at> wrote:
>> The remaining, low-severity vulnerability, CVE-2016-4954
> This alone is worth the price of admission.
> Who is writing the announcement to LWN?

Before that I want to make sure we get the impact analysis correct. My
own analysis says one thing,'s security advisory says another,
and the original bug ticket (
is slightly vague on the matter; see my comment #4 on that ticket.

More information about the devel mailing list