[ntp:security] Cisco ASIG NTP Defect Batch 1
Matthew Van Gundy
mvangund at cisco.com
Wed Oct 7 18:24:44 UTC 2015
My apologies, the attached disclosure bundle was double-gzipped.
(Apparently bsdtar iteratively gunzips until it gets a tar header.)
On 10/7/15 1:50 PM, Matthew Van Gundy wrote:
> Enclosed is a combined bundle of defect details for defects that Cisco
> ASIG has found in NTP. Since most of the defects affect both the NTP
> and NTPSec projects, we are providing a combined bundle (with the
> affected versions clearly noted) and we will be making simultaneous
> disclosures to both the NTP and NTPSec projects.
> This is our initial disclosure. None of these defects have been
> publicly disclosed. Please use appropriate care in handling information
> regarding these defects. We hope to be able to coordinate a combined
> public disclosure.
> Aanchal Malhotra, of Boston University, is Cc'd on this disclosure as
> two of the defects were found by Aanchal while visiting at ASIG.
> For further information about Cisco's Vendor Vulnerability Reporting
> and Disclosure Policy, see:
> If you have any questions, I would be happy to discuss them with you.
> Thank you,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 236 bytes
Desc: OpenPGP digital signature
More information about the security