** Changed in: ntp (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in ntp package in
This bug was fixed in the package ntp - 1:4.2.8p12+dfsg-3ubuntu4.20.10.1
---
ntp (1:4.2.8p12+dfsg-3ubuntu4.20.10.1) groovy-security; urgency=medium
* SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953)
- debian/patches/CVE-2019-8936.patch: Guard against
This bug was fixed in the package ntp - 1:4.2.8p12+dfsg-3ubuntu4.20.04.1
---
ntp (1:4.2.8p12+dfsg-3ubuntu4.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953)
- debian/patches/CVE-2019-8936.patch: Guard against
Apologies for the delay on this, it fell off our radar but we're working
on the Focal+ updates now. And no need for the separate Groovy debdiff,
thanks Brian!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
@alexmurray - The debdiff for Groovy is identical to the one from Focal
(same source package version). Let me know if you need a distinct
debdiff with the release pocket (groovy-security) identified.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Patch for Focal
** Patch added: "Patch for Focal"
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1891953/+attachment/5438836/+files/1-ntp_4.2.8p12+dfsg-3ubuntu5.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
Excellent - thank you :)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in ntp package in Ubuntu:
Confirmed
Status in ntp source
@alexmurray - Yes, I'll work on it this week.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in ntp package in Ubuntu:
Confirmed
Status
@rokclimb15 - are you still looking at producing debdiff's for focal +
groovy as well?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in
** Also affects: ntp (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: ntp (Ubuntu Groovy)
Importance: Medium
Assignee: Brian Morton (rokclimb15)
Status: Fix Released
** Also affects: ntp (Ubuntu Focal)
Importance: Undecided
Status: New
**
This bug was fixed in the package ntp - 1:4.2.8p10+dfsg-5ubuntu7.3
---
ntp (1:4.2.8p10+dfsg-5ubuntu7.3) bionic-security; urgency=medium
* SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953)
- debian/patches/CVE-2019-8936.patch: Guard against operations
** Changed in: ntp (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in ntp package in
** Changed in: ntp (Ubuntu)
Importance: Undecided => Medium
** Bug watch added: Debian Bug tracker #924228
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924228
** Also affects: ntp (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924228
Importance: Unknown
Hi Alex, thanks very much for fixing that loose end in the changelog and
for sponsoring this fix. I can produce them for the other releases as
well.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
Thanks for the debdiff - I am happy to sponsor this for you - one quick
thing, there is no need to reference the debian bug report in the
changelog so I have cleaned it up to look like the following:
ntp (1:4.2.8p10+dfsg-5ubuntu7.3) bionic-security; urgency=medium
* SECURITY UPDATE: Null
** Patch added: "Debdiff for Bionic"
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1891953/+attachment/5402291/+files/1-4.2.8p10+dfsg-5ubuntu7.3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-8936
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
Requires security backport for Bionic only.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in ntp package in Ubuntu:
In Progress
Bug
18 matches
Mail list logo
