Package: ntp Severity: important Tags: patch, security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for ntp.
CVE-2009-0159[0]: | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c | in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute | arbitrary code via a crafted response. The upstream bug together with the patch can be found here[1]. The issue can only be exploited by querying a malicious server and even then the overflow is fairly limited. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 http://security-tracker.debian.net/tracker/CVE-2009-0159 [1] https://support.ntp.org/bugs/show_bug.cgi?id=1144 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
