On Wed, May 18, 2016 at 01:24:37PM -0400, Antoine Beaupré wrote: > On 2016-02-13 05:49:24, Kurt Roeckx wrote: > > On Sat, Feb 13, 2016 at 10:06:23AM +0000, Damyan Ivanov wrote: > >> Hello dear maintainer(s), > >> > >> The Debian LTS team would like to fix the security issues which are > >> currently open in the Squeeze version of ntp: > >> https://security-tracker.debian.org/tracker/source-package/ntp > > > > I was under the impression that squeeze LTS support ended? > > > >> Would you like to take care of this yourself? > >> > >> Note that all of the squeeze-relevant issues are still open in the > >> "newer" Debian releases (wheezy through sid). > > > > I'm waiting for upstream to actually fix things. I estimate it's > > going to take 2 months. > > Hi! > > That two months delay seems to have expired now. Do you need help > backporting patches to wheezy?
I need help getting them into jessie in the first place. It should normally be trivial to also get them in wheezy in that case. > I count around 9 issues still pending in the security tracker for ntp, > some of them being new since this was last discussed. Those are the > issues currently pending: There are 22 open, some of which are marked as non-important. Of the new ones some should probably also be marked as such. I've spend several hours during the weekend going over commits in bitkeeper. But as ussual, it's all a big mess. I have 10 issues fixed in svn. I also have 7 files with the patches in as they apply to 4.2.8 version, but I didn't try to apply them to 4.2.6 version yet, so I have no idea what the state of those patches is. Then there also seem to be at least 2 other bug fixes that appear to be security issues but that didn't get a CVE. Kurt