[ntp:security] Security Vulnerability Notification in NTP daemon
Harlan Stenn
stenn at ntp.org
Thu Feb 26 17:57:37 UTC 2009
Fergal,
Thanks, I'm looking forward to the call.
H
--
> Harlan,
>
> We will talk to you at 12 on Friday. Conf bridge ID and internet meeting
> URL details are below **.
>
> I'm sorry but the 4.2.4p5 scan won't be finished before the call. After
> reviewing the results we ask the project to mitigate the flaws and
> resubmit the application for an additional scan. The results of this
> scan will be released to our customer. We should decide tomorrow what
> version will be best to scan next.
>
> Talk to you tomorrow,
>
> Fergal
>
> **Meeting details
>
> Dial-in: 888-272-7337
> International: +1-303-928-2688
> Conf ID: 2303739
>
> Fergal Glynn has invited you to attend an online meeting using Live
> Meeting.
> Join the meeting.
> <https://www.livemeeting.com/cc/veracode/join?id=F72JMB&role=attend&pw=tnnF%5E%7B5>
>
> Copy this address and paste it into your web browser:
> https://www.livemeeting.com/cc/veracode/join
>
> Copy and paste the required information:
> Meeting ID: F72JMB
> Entry Code: tnnF^{5
>
> -----Original Message-----
> From: Harlan Stenn [mailto:stenn at ntp.org]
> Sent: Thursday, February 26, 2009 1:14 AM
> To: Fergal Glynn
> Cc: Harlan Stenn; security at ntp.org
> Subject: Re: [ntp:security] Security Vulnerability Notification in NTP daemon
>
> Hi Fergal,
>
> > I'm glad you accessed the results. Can we try and do a quick call later
> > in the week? I'd like to get your input on our analysis and discuss
> > scanning a newer build. In terms of acknowledging Veracode's efforts, we
> > would like to get your rating up to an A and then do a joint statement.
> >
> > Does Friday at 3 work? That would be 12 noon your time?
>
> Yes, that will be fine. Is there a chance the scan of 4.2.4p5 will be
> finished by then?
>
> I'm hoping to release 4.2.6 soon, and that will come from the latest
> ntp-dev code. How difficult would it be to get that code scanned?
>
> Thanks...
>
> H