Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Oct 2015 08:54:26 +0200
From: Martin Prpic <mprpic@...hat.com>
To: "oss-security\@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Duplicate CVE: CVE-2015-7703 in NTP

Hi,

It seems that NTP upstream has also requested a CVE (and had one
assigned) for this issue:

Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally. (RedHat) 
[http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner]

However, Red Hat assigned CVE-2015-5196 to this issue when it was first
discovered:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5196

Can CVE-2015-7703 please be rejected?

Thank you!

-- 
Martin Prpič / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ