<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<h3>
Gary E. Miller pushed to branch master
at <a href="https://gitlab.com/NTPsec/ntpsec">NTPsec / ntpsec</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://gitlab.com/NTPsec/ntpsec/commit/f6815ab88b4c9d0e0e2096661dd8fd2ae992ca69">f6815ab8</a></strong>
<div>
<span>by Gary E. Miller</span>
<i>at 2019-08-29T03:25:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">NEWS: Add re-resolutiuon of CVE-2014-9295 in 2017.
</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class="file-stats">
<a href="#9f621eb5fd3bcb2fa5c7bd228c9b1ad42edc46c8">
NEWS
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id="9f621eb5fd3bcb2fa5c7bd228c9b1ad42edc46c8">
<a href="https://gitlab.com/NTPsec/ntpsec/commit/f6815ab88b4c9d0e0e2096661dd8fd2ae992ca69#9f621eb5fd3bcb2fa5c7bd228c9b1ad42edc46c8"><strong>NEWS</strong></a>
<hr>
<table class="code white" style="font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">
<tr class="line_holder match" id="" style="line-height: 1.6;">
<td class="diff-line-num unfold js-unfold old_line" data-linenumber="194" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="diff-line-num unfold js-unfold new_line" data-linenumber="194" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="line_content match " style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -194,6 +194,11 @@ CVE-2017-6463: Authenticated DoS via Malicious Config Option</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="194" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
194
</td>
<td class="diff-line-num new_line" data-linenumber="194" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
194
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC194" class="line" lang="plaintext">CVE-2017-6458: Potential Overflows in ctl_put() functions</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="195" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
195
</td>
<td class="diff-line-num new_line" data-linenumber="195" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
195
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC195" class="line" lang="plaintext">CVE-2017-6451: Improper use of snprintf() in mx4200_send()</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="196" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
196
</td>
<td class="diff-line-num new_line" data-linenumber="196" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
196
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC196" class="line" lang="plaintext"></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="diff-line-num new old_line" data-linenumber="197" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="197" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
197
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC197" class="line" lang="plaintext">A Pentest report by Cure53 noted that a previously fixed CVE had been</span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="diff-line-num new old_line" data-linenumber="197" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="198" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
198
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC198" class="line" lang="plaintext">reintroduced into the code.  This was resolved, again.</span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="diff-line-num new old_line" data-linenumber="197" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="199" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
199
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC199" class="line" lang="plaintext"></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="diff-line-num new old_line" data-linenumber="197" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="200" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
200
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC200" class="line" lang="plaintext">CVE-2014-9295: Multiple stack-based buffer overflows in ntpd</span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="diff-line-num new old_line" data-linenumber="197" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="201" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
201
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC201" class="line" lang="plaintext"></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="197" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
197
</td>
<td class="diff-line-num new_line" data-linenumber="202" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
202
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC202" class="line" lang="plaintext">The following CVEs, announced simultaneously, affected NTP Classic but</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="198" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
198
</td>
<td class="diff-line-num new_line" data-linenumber="203" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
203
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC203" class="line" lang="plaintext">not NTPsec, because we had already removed the attack surface:</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="199" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
199
</td>
<td class="diff-line-num new_line" data-linenumber="204" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
204
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC204" class="line" lang="plaintext"></span>
</pre>
</td>
</tr>

</table>
<br>
</li>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
<a href="https://gitlab.com/NTPsec/ntpsec/commit/f6815ab88b4c9d0e0e2096661dd8fd2ae992ca69">View it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://gitlab.com/NTPsec/ntpsec/commit/f6815ab88b4c9d0e0e2096661dd8fd2ae992ca69"}}</script>


</p>
</div>
</body>
</html>