Concerning the ntp-4.2.8p8 security fixes
Daniel Franke
dfoxfranke at gmail.com
Thu Jun 2 18:32:24 UTC 2016
On 6/2/16, Sanjeev Gupta <ghane0 at gmail.com> wrote:
> On Fri, Jun 3, 2016 at 2:00 AM, Daniel Franke <dfoxfranke at gmail.com> wrote:
>
>> The remaining, low-severity vulnerability, CVE-2016-4954
>
>
> This alone is worth the price of admission.
>
> Who is writing the announcement to LWN?
Before that I want to make sure we get the impact analysis correct. My
own analysis says one thing, NTP.org's security advisory says another,
and the original bug ticket (http://bugs.ntp.org/show_bug.cgi?id=3044)
is slightly vague on the matter; see my comment #4 on that ticket.
More information about the devel
mailing list