[ntp:security] High severity vulnerability in ntpd-4.2.8p8

Harlan Stenn stenn at nwtime.org
Wed Jun 29 11:00:02 UTC 2016


On 6/29/16 3:56 AM, Magnus Stubman wrote:
> I have two questions:
> 
> 1. Can you request a CVE for this vulnerability?

Yes.  Sue, might I bother you to handle this?

> 2. When will the patch be released to the public?

In 4.2.8p9, which will probably happen in about 3 weeks' time.

We have other things to fix in p9 as well, and those *should* be
finished in a week, if all goes well.  Then the OS distribution folks
like to have 2 weeks' to prepare their releases.

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!



More information about the security mailing list