[Git][NTPsec/ntpsec][master] 2 commits: Fix typos in NEWS
Eric S. Raymond
gitlab at mg.gitlab.com
Sat Jan 23 17:28:30 UTC 2016
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
f89db1c8 by Matt Selsky at 2016-01-23T04:36:03-05:00
Fix typos in NEWS
- - - - -
c4865379 by Eric S. Raymond at 2016-01-23T17:26:48+00:00
Merge branch 'typos' into 'master'
Fix typo in NEWS
See merge request !15
- - - - -
1 changed file:
- NEWS
Changes:
=====================================
NEWS
=====================================
--- a/NEWS
+++ b/NEWS
@@ -24,14 +24,14 @@ Point release for security. Fixes:
* Timing attack on MAC verification (Daniel Franke)
* Missing length checks in decodearr() and outputarr() (Daniel Franke)
-Two additional security issues hve been reported to us for which we
+Two additional security issues have been reported to us for which we
are not implementing code changes, but the user should be aware of
their impact.
The first (CVE-2015-8140) pertains to NTP's dynamic reconfiguration
feature, which permits on-the-fly modification of NTP's configuration
via ntpq. This feature is rarely used, typically disabled, and can
-only be enabled when authentication is configured. Ntpd has no means
+only be enabled when authentication is configured. ntpd has no means
of detecting that a request to change its configuration is a replay of
an old packet. Therefore, if an administrator sets ntpd to
configuration A and then to configuration B, an attacker who captures
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/592f0e8e9b1ca23118abe05c7b83e50aa340a1d3...c4865379fcbc486acbff487cc24b57818c60b232
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20160123/034bcbfd/attachment.html>
More information about the vc
mailing list