Author: carnil
Date: 2016-01-21 21:43:38 +0000 (Thu, 21 Jan 2016)
New Revision: 39073
Modified:
data/CVE/list
Log:
Two more CVEs for ntp, mitigted with 4.2.8p6
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-21 21:41:50 UTC (rev 39072)
+++ data/CVE/list 2016-01-21 21:43:38 UTC (rev 39073)
@@ -6382,10 +6382,20 @@
RESERVED
CVE-2015-8141
RESERVED
-CVE-2015-8140
+CVE-2015-8140 [ntpq vulnerable to replay attacks]
RESERVED
-CVE-2015-8139
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2947
+ NOTE: Mitigated in 4.2.8p6
+ TODO: check
+CVE-2015-8139 [Origin Leak: ntpq and ntpdc, disclose origin]
RESERVED
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2946
+ NOTE: Mitigated in 4.2.8p6
+ TODO: check
CVE-2015-8138 [ntp: missing check for zero originate timestamp]
RESERVED
- ntp <unfixed>
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
