Hello community, here is the log from the commit of package ntp for openSUSE:Factory checked in at 2016-03-18 21:28:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ntp (Old) and /work/SRC/openSUSE:Factory/.ntp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ntp" Changes: -------- --- /work/SRC/openSUSE:Factory/ntp/ntp.changes 2016-01-23 01:03:46.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.ntp.new/ntp.changes 2016-03-18 21:28:53.000000000 +0100 @@ -1,0 +2,32 @@ +Fri Mar 11 11:06:17 UTC 2016 - [email protected] + +- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq +- CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass +- CVE-2015-7978, bsc#963000: Stack exhaustion in recursive + traversal of restriction list. +- CVE-2015-7979, bsc#962784: off-path denial of service on + authenticated broadcast mode +- CVE-2015-7977, bsc#962970: restriction list NULL pointer + dereference +- CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows + dangerous characters in filenames +- CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq +- CVE-2015-7974, bsc#962960: Missing key check allows impersonation + between authenticated peers +- CVE-2015-7973, bsc#962995: replay attack on authenticated + broadcast mode +- CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make + a step larger than the panic threshold + +------------------------------------------------------------------- +Mon Mar 7 13:50:03 UTC 2016 - [email protected] + +- update to 4.2.8p6 + * fixes low- and medium-severity vulnerabilities + 4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978 + CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975 + CVE-2015-7974 CVE-2015-7973 + 4.2.8p5: CVE-2015-5300 + * bug fixes + +----------------------- -------------------------------------------- Old: ---- ntp-4.2.8p4.tar.gz New: ---- ntp-4.2.8p6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ntp.spec ++++++ --- /var/tmp/diff_new_pack.XfwcCe/_old 2016-03-18 21:28:56.000000000 +0100 +++ /var/tmp/diff_new_pack.XfwcCe/_new 2016-03-18 21:28:56.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package ntp # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %global _ntpunitsdir %{_libexecdir}/systemd/ntp-units.d %endif Name: ntp -Version: 4.2.8p4 +Version: 4.2.8p6 Release: 0 Summary: Network Time Protocol daemon (version 4) License: (MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0 ++++++ ntp-4.2.8p4.tar.gz -> ntp-4.2.8p6.tar.gz ++++++ /work/SRC/openSUSE:Factory/ntp/ntp-4.2.8p4.tar.gz /work/SRC/openSUSE:Factory/.ntp.new/ntp-4.2.8p6.tar.gz differ: char 5, line 1
