[ntp:security] Security Vulnerability Notification in NTP daemon

Fergal Glynn FGlynn at Veracode.com
Mon Feb 23 15:56:59 UTC 2009


I'm glad you accessed the results. Can we try and do a quick call later
in the week? I'd like to get your input on our analysis and discuss
scanning a newer build. In terms of acknowledging Veracode's efforts, we
would like to get your rating up to an A and then do a joint statement.

Does Friday at 3 work?  That would be 12 noon your time?



-----Original Message-----
From: Harlan Stenn [mailto:stenn at ntp.org] 
Sent: Saturday, February 21, 2009 11:36 PM
To: Fergal Glynn
Cc: security at ntp.org
Subject: Re: [ntp:security] Security Vulnerability Notification in NTP


Thanks again, very much.

>From my initial pass, it would appear the most grevious errors y'all
found are no longer present in the code.

I would be most interested in seeing the analysis of both ntp-stable and
ntp-dev, and I'd be happy to work with y'all to make this happen, and
also make it as easy as possible for onoging efforts.

Again, I'd be happy to acknowledge Veracode's efforts NTP's Public
Services Project website.


More information about the security mailing list