[ntp:questions] Patch for CVE-11868 & 2020-13817

Martin Burnicki martin.burnicki at burnicki.net
Thu Aug 13 15:59:25 UTC 2020


Srinivasan, Usha wrote:
> Hello,
> I git cloned the repo using:
> git clone https://github.com/ntp-project/ntp.git

Hm, the code is originally kept in a bitkeeper repo. Some time ago,
someone imported this into a git repo, but that repo hasn't been updated
for quite some time.

> But I am not able to find the patch for these two CVEs.  However, I downloaded 4.2.8p15 source and it contains the bug fixes, however, without the patch itself I cannot tell the footprint of the fix.  I need to make the fix in an older version of NTP.  Can someone tell me where I find the commit id for the fixes for these two patches and in what repo?

As far as I can see, the 2 CVEs have been handled by NTP's bugzilla:
https://bugs.ntp.org/show_bug.cgi?id=3592
https://bugs.ntp.org/show_bug.cgi?id=3596

If you search the bitkeeper repo for the bug numbers, you find the
associated changesets:

http://bk.ntp.org/ntp-stable/?PAGE=search&EXPR=3596&SEARCH=ChangeSet+comments

http://bk.ntp.org/ntp-stable/?PAGE=search&EXPR=3592&SEARCH=ChangeSet+comments


Hope this helps!

Martin


More information about the questions mailing list