Concerning the ntp-4.2.8p8 security fixes

Eric S. Raymond esr at thyrsus.com
Thu Jun 2 18:44:01 UTC 2016


Daniel Franke <dfoxfranke at gmail.com>:
> On 6/2/16, Sanjeev Gupta <ghane0 at gmail.com> wrote:
> > On Fri, Jun 3, 2016 at 2:00 AM, Daniel Franke <dfoxfranke at gmail.com> wrote:
> >
> >> The remaining, low-severity vulnerability, CVE-2016-4954
> >
> >
> > This alone is worth the price of admission.
> >
> > Who is writing the announcement to LWN?
> 
> Before that I want to make sure we get the impact analysis correct. My
> own analysis says one thing, NTP.org's security advisory says another,
> and the original bug ticket (http://bugs.ntp.org/show_bug.cgi?id=3044)
> is slightly vague on the matter; see my comment #4 on that ticket.

I will await your report.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>


More information about the devel mailing list