[Git][NTPsec/ntpsec][master] In NEWS, record some forward-ported bug fixes.

Eric S. Raymond gitlab at mg.gitlab.com
Mon Mar 21 02:11:45 UTC 2016 

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
142a55cb by Eric S. Raymond at 2016-03-20T22:11:23-04:00
In NEWS, record some forward-ported bug fixes.

- - - - -


1 changed file:

- NEWS


Changes:

=====================================
NEWS
=====================================
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,16 @@ Much of the traditional function of a news file is now better addressed
 by browsing the comments in the revision history.  This file will focus
 on user-visible changes.
 
+== Repository head ==
+
+The following reflect forward-ported fixes to Classic:
+
+[Bug 2772] adj_systime overflows tv_usec
+[Bug 2829] Look at pipe_fds in ntpd.c
+[Bug 2887] fudge stratum only accepts values [0..16].
+[Bug 2937] (NTPQ) nextvar() missing length check
+[Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
+
 == 2016-03-15: 0.9.2 ==
 
 Point release.
@@ -152,22 +162,22 @@ the 0.9.0 beta release.
 * [Bug 2883] ntpd crashes on exit with empty driftfile.  Miroslav Lichvar.
 * [Bug 2886] Misspelling: "outlyer" should be "outlier"
 * [Bug 2890] Ignore ENOBUFS on routing netlink socket.  Konstantin Khlebnikov.
+* [Bug 2901] Clients that receive a KoD should validate the origin
+  timestamp field (CVE-2015-7704, CVE-2015-7705)
 * [Bug 2902] configuration directives "pidfile" and "driftfile"
   should be local-only. (patch by Miroslav Lichvar) (CVE-2015-7703)
 * [Bug 2909] Slow memory leak in CRYPTO_ASSOC (CVE-2015-7701)
-* [Bug 2941] NAK to the Future: Symmetric association authentication
-  bypass via crypto-NAK (CVE-2015-7871)
-* [Bug 2922] decodenetnum() will ASSERT botch instead of returning
-  FAIL on some bogus values (CVE-2015-7855)
-* [Bug 2921] Password Length Memory Corruption Vulnerability (CVE-2015-7854)
-* [Bug 2920] Invalid length data provided by a custom refclock driver
-  could cause a buffer overflow (CVE-2015-7853)
-* [Bug 2919] ntpq atoascii() potential memory corruption (CVE-2015-7852)
+* [Bug 2916] trusted key use-after-free (CVE-2015-7849)
 * [Bug 2918] saveconfig Directory Traversal Vulnerability. (OpenVMS)
   (CVE-2015-7851)
-* [Bug 2916] trusted key use-after-free (CVE-2015-7849)
-* [Bug 2901] Clients that receive a KoD should validate the origin
-  timestamp field (CVE-2015-7704, CVE-2015-7705)
+* [Bug 2919] ntpq atoascii() potential memory corruption (CVE-2015-7852)
+* [Bug 2920] Invalid length data provided by a custom refclock driver
+  could cause a buffer overflow (CVE-2015-7853)
+* [Bug 2921] Password Length Memory Corruption Vulnerability (CVE-2015-7854)
+* [Bug 2922] decodenetnum() will ASSERT botch instead of returning
+  FAIL on some bogus values (CVE-2015-7855)
+* [Bug 2941] NAK to the Future: Symmetric association authentication
+  bypass via crypto-NAK (CVE-2015-7871)
 
 Additionally the NTPsec team is aware of the following vulnerabilities
 impacting autokey: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702. NTPsec



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/142a55cbc5fa86886bb4d9932fecc0518beb1d58
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20160321/2aed0a75/attachment.html>

More information about the vc mailing list