[Git][NTPsec/ntpsec][master] NEWS: Add re-resolutiuon of CVE-2014-9295 in 2017.
Gary E. Miller
gitlab at mg.gitlab.com
Thu Aug 29 03:26:47 UTC 2019
Gary E. Miller pushed to branch master at NTPsec / ntpsec
Commits:
f6815ab8 by Gary E. Miller at 2019-08-29T03:25:38Z
NEWS: Add re-resolutiuon of CVE-2014-9295 in 2017.
- - - - -
1 changed file:
- NEWS
Changes:
=====================================
NEWS
=====================================
@@ -194,6 +194,11 @@ CVE-2017-6463: Authenticated DoS via Malicious Config Option
CVE-2017-6458: Potential Overflows in ctl_put() functions
CVE-2017-6451: Improper use of snprintf() in mx4200_send()
+A Pentest report by Cure53 noted that a previously fixed CVE had been
+reintroduced into the code. This was resolved, again.
+
+CVE-2014-9295: Multiple stack-based buffer overflows in ntpd
+
The following CVEs, announced simultaneously, affected NTP Classic but
not NTPsec, because we had already removed the attack surface:
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/f6815ab88b4c9d0e0e2096661dd8fd2ae992ca69
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/f6815ab88b4c9d0e0e2096661dd8fd2ae992ca69
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190829/98c6bf61/attachment.htm>
More information about the vc
mailing list