Thanks for the bug. These issues are being tracked here:

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9293.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9294.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9295.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9296.html

and there are test packages here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Note: Ubuntu has mitigations in the default install that lessen the severity of two of the CVEs.

** Information type changed from Private Security to Public Security

** Changed in: ntp (Ubuntu)
       Status: New => In Progress

** Also affects: ntp (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: ntp (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: ntp (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: ntp (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: ntp (Ubuntu Lucid)
       Status: New => In Progress

** Changed in: ntp (Ubuntu Lucid)
   Importance: Undecided => Medium

** Changed in: ntp (Ubuntu Lucid)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ntp (Ubuntu Precise)
       Status: New => In Progress

** Changed in: ntp (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: ntp (Ubuntu Precise)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ntp (Ubuntu Trusty)
       Status: New => In Progress

** Changed in: ntp (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: ntp (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ntp (Ubuntu Utopic)
       Status: New => In Progress

** Changed in: ntp (Ubuntu Utopic)
   Importance: Undecided => Medium

** Changed in: ntp (Ubuntu Utopic)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9293

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9294

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9295

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9296

** Changed in: ntp (Ubuntu)
       Status: In Progress => Triaged

** Changed in: ntp (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu Server Team, which
is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1404648

Title:
  security issues in ntp