Your message dated Tue, 22 Sep 2020 11:31:49 +0200
with message-id <[email protected]>
and subject line Re: ntp: CVE-2020-15025
has caused the Debian Bug report #963807,
regarding ntp: CVE-2020-15025
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
963807: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963807
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ntp
Version: 1:4.2.8p14+dfsg-2
Severity: important
Tags: security upstream
Control: found -1 1:4.2.8p12+dfsg-4
Control: forwarded -1 https://bugs.ntp.org/show_bug.cgi?id=3661
Hi,
The following vulnerability was published for ntp.
CVE-2020-15025[0]:
| ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows
| remote attackers to cause a denial of service (memory consumption) by
| sending packets, because memory is not freed in situations where a
| CMAC key is used and associated with a CMAC algorithm in the ntp.keys
| file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-15025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15025
[1] https://support.ntp.org/bin/view/Main/NtpBug3661
[2] https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
[3] https://bugs.ntp.org/show_bug.cgi?id=3661
Regards,
Salvatore
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.7.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Version: 1:4.2.8p15-1
On Sat, Jun 27, 2020 at 09:05:56PM +0200, Salvatore Bonaccorso wrote:
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2020-15025
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15025
> [1] https://support.ntp.org/bin/view/Main/NtpBug3661
> [2] https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
> [3] https://bugs.ntp.org/show_bug.cgi?id=3661
This was fixed in the latest upload to sid.
Cheers,
Moritz
--- End Message ---
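Added example, not part of the original messages and not code from ntp or Debian: a triage check that combines the two conditions in the CVE text quoted in the report, an upstream version inside the affected range and a CMAC-type key in the ntp.keys file. The key type name `AES128CMAC`, the per-line layout (key ID, type, key) and the sample file content are assumptions constructed for illustration.

```python
import re

# Upstream version embedded in a package string, e.g. "1:4.2.8p14+dfsg-2".
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def upstream_affected(version):
    """True if the version is in the range the CVE text names."""
    m = _VER.search(version)
    if not m:
        raise ValueError(f"no ntp version found in {version!r}")
    major, minor, micro, patch = (int(g or 0) for g in m.groups())
    if (major, minor, micro) == (4, 2, 8):
        return patch < 15   # "4.2.8 before 4.2.8p15"
    if (major, minor) == (4, 3):
        return micro < 101  # "4.3.x before 4.3.101"
    return False


def cmac_key_ids(keys_text):
    """Return the IDs of keys whose type field names a CMAC algorithm."""
    ids = []
    for line in keys_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 3 and fields[0].isdigit() and "CMAC" in fields[1].upper():
            ids.append(int(fields[0]))
    return ids


def exposed(version, keys_text):
    """Both preconditions from the CVE description hold."""
    return upstream_affected(version) and bool(cmac_key_ids(keys_text))


# Constructed sample key file (assumed layout: id, type, key).
SAMPLE_KEYS = """\
# id type        key
1    MD5         constructed-md5-key
10   AES128CMAC  00112233445566778899aabbccddeeff
"""

if __name__ == "__main__":
    for v in ("1:4.2.8p12+dfsg-4", "1:4.2.8p14+dfsg-2", "1:4.2.8p15-1"):
        print(v, "exposed" if exposed(v, SAMPLE_KEYS) else "not exposed")
```

The version test only reads the upstream part of the string, so a distribution package that carries a backported fix under an older upstream version would still be reported as affected.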