on the NTP security issues and fixes
Daniel Franke
dfoxfranke at gmail.com
Thu May 5 02:29:39 UTC 2016
Well, that was scary and a little overwhelming but it turns out we're
in remarkably good shape: I've now merged patches for what look to be
the only three out of the eleven issues that impact us, and two of
those only dubiously qualify as vulnerabilities at all. Before I ask
Mark to tag a release I need to take a second look at couple of these
and then write release notes, but if you're already running a git
snapshot of NTPsec then now's a fine time to pull.
On 4/28/16, Mark Atwood <fallenpegasus at gmail.com> wrote:
> Folks,
>
> Late Tuesday night, NTP.org made a release containing 11 security fixes.
> Some of these vulnerabilities were also reported to the NTPsec project, and
> we planned for a coordinated release and disclosure. Unfortunately, several
> others caught us by surprise, and this surprise comes at an inconvenient
> time because most of the team is about to get on a plane for our FTF
> meeting in Detroit. In spite of this, we're
> working hard to get these fixes reviewed, merged, tested, and into a
> release,
> which we expect will come early next week.
>
> ..m
>
More information about the devel
mailing list