on the NTP security issues and fixes

Mark Atwood fallenpegasus at gmail.com
Mon May 2 21:25:23 UTC 2016


Tell me more about the fuzzing you are doing?

Thanks for the work you are doing!

..m

On Fri, Apr 29, 2016 at 9:16 AM Daniel Poirot <dtpoirot at gmail.com> wrote:

> Hey boss,
>
> Is there anything for us in the field to do?
>
> I continue to cross compile, run static analysis on the source and fuzz
> the binaries.
>
> Dan
>
>
> On Apr 28, 2016, at 3:43 PM, Mark Atwood <fallenpegasus at gmail.com> wrote:
>
> Folks,
>
> Late Tuesday night, NTP.org <http://ntp.org> made a release containing 11
> security fixes. Some of these vulnerabilities were also reported to the
> NTPsec project, and we planned for a coordinated release and disclosure. Unfortunately,
> several others caught us by surprise, and this surprise comes at an
> inconvenient time because most of the team is about to get on a plane for
> our FTF meeting in Detroit. In spite of this, we're
> working hard to get these fixes reviewed, merged, tested, and into a release,
> which we expect will come early next week.
>
> ..m
>
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/devel/attachments/20160502/9677715c/attachment.html>


More information about the devel mailing list