Date: Tue, 14 Apr 2015 08:55:36 +0200
From: Gsunde Orangen <gsunde.orangen@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for some NTP stuff

This is just a "cleanup" notice for those two ntp vulnerabilities that
were resolved on Feb 4th:

On 2015-02-05, 00:03 Gsunde Orangen wrote:
> Hi Kurt,
>
> On 2015-02-04, 23:24 Kurt Seifried wrote:
>> I haven't seen any CVE's for these yet:
>
>> http://bugs.ntp.org/show_bug.cgi?id=2671 vallen is not validated,
>> leading to potential info leak
> CVE-2014-9297 (according to
> http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities)
>
>> http://bugs.ntp.org/show_bug.cgi?id=2655 Multiple vulnerabilities
>> in ntpd
> This bug lists 8 different bugs, Bugs #1 - #7 are tracked in
> different ids (#7 is the one above: id=2671) The remaining bug #8
> is defined as CVE-2014-9298 as in
> http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
>
> Note however, that the Cert VNDB
> (http://www.kb.cert.org/vuls/id/852879) uses the same CVEs for
> bugs #7 and #8, but mutually exchanged! Either ntp.org or cert.org
> is wrong...

cert.org was wrong but had apparently fixed it immediately after that notice.

>> Thanks.
>
> You're welcome ;-)