* [Buildroot] [PATCH] ntp: security bump to version 4.2.8p2
@ 2015-04-07 16:54 Gustavo Zacarias
2015-04-07 19:35 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2015-04-07 16:54 UTC (permalink / raw)
To: buildroot
Fixes:
CVE-2015-1798 - ntpd accepts unauthenticated packets with symmetric key
crypto.
CVE-2015-1799 - Authentication doesn't protect symmetric associations
against DoS attacks.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/ntp/ntp.hash | 4 ++--
package/ntp/ntp.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index 8336be8..fe51932 100644
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,2 +1,2 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p1.tar.gz.md5
-md5 65d8cdfae4722226fbe29863477641ed ntp-4.2.8p1.tar.gz
+# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p2.tar.gz.md5
+md5 fa37049383316322d060ec9061ac23a9 ntp-4.2.8p2.tar.gz
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index bf2cdbd..c91cc70 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,7 +5,7 @@
################################################################################
NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p1
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p2
NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent
NTP_LICENSE = ntp license
--
2.0.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] ntp: security bump to version 4.2.8p2
2015-04-07 16:54 [Buildroot] [PATCH] ntp: security bump to version 4.2.8p2 Gustavo Zacarias
@ 2015-04-07 19:35 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2015-04-07 19:35 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Tue, 7 Apr 2015 13:54:11 -0300, Gustavo Zacarias wrote:
> Fixes:
> CVE-2015-1798 - ntpd accepts unauthenticated packets with symmetric key
> crypto.
> CVE-2015-1799 - Authentication doesn't protect symmetric associations
> against DoS attacks.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/ntp/ntp.hash | 4 ++--
> package/ntp/ntp.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
Applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-04-07 19:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-04-07 16:54 [Buildroot] [PATCH] ntp: security bump to version 4.2.8p2 Gustavo Zacarias
2015-04-07 19:35 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.