[ntp:security] Cisco ASIG NTP Defect Batch 1
Matthew Van Gundy
mvangund at cisco.com
Wed Oct 7 18:24:44 UTC 2015
My apologies, the attached disclosure bundle was double-gzipped.
(Apparently bsdtar iteratively gunzips until it gets a tar header.)
On 10/7/15 1:50 PM, Matthew Van Gundy wrote:
> Enclosed is a combined bundle of defect details for defects that Cisco
> ASIG has found in NTP. Since most of the defects affect both the NTP
> and NTPSec projects, we are providing a combined bundle (with the
> affected versions clearly noted) and we will be making simultaneous
> disclosures to both the NTP and NTPSec projects.
>
> This is our initial disclosure. None of these defects have been
> publicly disclosed. Please use appropriate care in handling information
> regarding these defects. We hope to be able to coordinate a combined
> public disclosure.
>
> Aanchal Malhotra, of Boston University, is Cc'd on this disclosure as
> two of the defects were found by Aanchal while visiting at ASIG.
>
> For further information about Cisco's Vendor Vulnerability Reporting
> and Disclosure Policy, see:
> http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
>
> If you have any questions, I would be happy to discuss them with you.
>
> Thank you,
> Matt
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20151007/8efc1058/attachment-0001.sig>
More information about the security
mailing list