On Fri, Apr 08, 2016 at 12:26:59PM -0600, Nicholas Luedtke wrote: > Package: ntp > Version: 1:4.2.8p4+dfsg-3 > Severity: wishlist > > Dear Maintainer, > > NTP version ntp-4.2.8p6 is available upstream and includes fixes for 9 > CVE's listed below. Though they are mostly minor the cumulative effect > of removing these from our stream would be beneficial. We should > consider updating ntp in sid/stretch to incorporate these security fixes.
It actually doesn't fix all of them. I've been waiting for upstream to finally fix it, but it seems nothing is happening. Kurt

