[ntp:security] Security Vulnerability Notification in NTP daemon

Harlan Stenn stenn at ntp.org
Sun Feb 22 03:45:16 UTC 2009

Hi Fergal,

> You should be receiving a separate notification that describes how to
> access the Veracode service.

OK, I haven't seen it yet but I'll dig thru my inbox to see if I might
have overlooked it.  Thanks very much!

> I would also like to draw your attention to
> a feature in the service that allows you to comment on flaws you feel
> have been erroneously flagged.  To get to this feature: go to the review
> results tab, expand the flaw details by clicking the dark blue/gray
> twisty next to a flaw ID, then expand the Show Comments and Actions
> dropdown. Finally, select "mitigated by design" from the drop down
> Action list and insert a comment. After you have entered your comment
> click Save. My security team will see your entry and this will be taken
> into account as part of the analysis.  

Will do, thanks!

> Would you and the NTP team like to do a readout with our security team?
> On the readout we can provide more insight into our analysis and discuss
> your comments. How does your schedule look Friday (2/27) at 11am, 12pm,
> or 3pm EST? 

That's probably good, and depending on whoever else is going to be on
the call on our end, I'd vote for 3pm ExT because I'd be awake by then.

This is going to be a bit of an interesting week for me - I just moved
into a new place in the SF Bay area and my internet access is supposed
to be back up on Tuesday.  As for Friday, I'll either still be in the SF
Bay area looking for a housemate to 'achieve a quorum' at the new place,
or I'll be in Oregon with my family.

Thanks again...

