Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
83cf247d by Salvatore Bonaccorso at 2018-03-08T07:21:25+01:00
Start tracking ntpsec as well for february's ntp security advisory

According to upstream's confirmation in

https://lists.ntpsec.org/pipermail/devel/2018-March/006008.html

only one of the CVEs from the ntp security advisory from

http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S

is applicable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1860,25 +1860,31 @@ CVE-2018-7187 (The "go get" implementation in 
Go 1.9.4, when the -inse
        NOTE: 
https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
 CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a 
remote ...)
        - ntp <unfixed>
+       - ntpsec <not-affected> (Issue not present)
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
 CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before 
updating ...)
        - ntp <unfixed>
+       - ntpsec <not-affected> (Issue not present)
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
 CVE-2018-7183 [ntpq:decodearr() can write beyond its buffer limit]
        RESERVED
        - ntp <unfixed>
+       - ntpsec <not-affected> (Issue not present)
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
 CVE-2018-7182 (The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 
allows ...)
        - ntp <unfixed>
+       - ntpsec 1.0.0+dfsg1-5
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+       NOTE: Fixed by (ntpsec): 
https://gitlab.com/NTPsec/ntpsec/commit/6d6aa6da0fe685011f5a9633c3618409af8349d7
+       NOTE: https://lists.ntpsec.org/pipermail/devel/2018-March/006008.html
 CVE-2018-7181
        RESERVED
 CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
@@ -1929,6 +1935,7 @@ CVE-2018-7171
        RESERVED
 CVE-2018-7170 (nptd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows 
...)
        - ntp <unfixed>
+       - ntpsec <not-affected> (Issue not present)
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/83cf247d5469df9a73db8fbff02cb2eb3b724865

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/83cf247d5469df9a73db8fbff02cb2eb3b724865
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to