[ntp:security] [Bug 1331] DoS with mode 7 packets (CVE-2009-3563)

Harlan Stenn stenn at ntp.org
Fri Oct 23 04:31:24 UTC 2009


> Harlan Stenn via the NTP Bugzilla wrote:

>> CERT prefers to have at least 45 days' time for vendors to apply the
>> patch and test it.  They have asked us if Tuesday 8 December is an
>> acceptable "announce" date.  That seems fine with me, anybody
>> disagree?

> It's hard to know since you didn't send us a copy of what you sent them.

The announcement for the CVE they have seen is pretty much:

 https://support.ntp.org/private/bin/view/Security/NoticeCVEx2009x3563

If you are talking about the patch, how does that affect the 45 day
thing?

H


More information about the security mailing list