Module Name: src
Committed By: snj
Date: Tue May 26 05:16:52 UTC 2009
Modified Files:
src/doc [netbsd-4-0]: CHANGES-4.0.2
Log Message:
Ticket 1320.
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.30 -r1.1.2.31 src/doc/CHANGES-4.0.2
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-4.0.2
diff -u src/doc/CHANGES-4.0.2:1.1.2.30 src/doc/CHANGES-4.0.2:1.1.2.31
--- src/doc/CHANGES-4.0.2:1.1.2.30 Mon May 18 18:31:18 2009
+++ src/doc/CHANGES-4.0.2 Tue May 26 05:16:51 2009
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-4.0.2,v 1.1.2.30 2009/05/18 18:31:18 bouyer Exp $
+# $NetBSD: CHANGES-4.0.2,v 1.1.2.31 2009/05/26 05:16:51 snj Exp $
A complete list of changes from the NetBSD 4.0.1 release to the NetBSD 4.0.2
release:
@@ -256,3 +256,10 @@
document PROC_PID_LIMIT_SBSIZE. Addresses PR 36463.
[snj, ticket #1318]
+dist/ntp/ntpd/ntp_crypto.c 1.15
+
+ Fix CVE-2009-1252: Buffer overflow in ntpd crypto code. A remote
+ attacker can send a specially constructed request packet that
+ would overflow the sprintf()'ed buffer causing ntpd to crash.
+ [mrg, ticket #1320]
+
