[ntp:security] High severity vulnerability in ntpd-4.2.8p8
magnus at stubman.eu
Wed Jun 29 11:14:21 UTC 2016
> On 29 Jun 2016, at 13:00, Harlan Stenn <stenn at nwtime.org> wrote:
> On 6/29/16 3:56 AM, Magnus Stubman wrote:
>> I have two questions:
>> 1. Can you request a CVE for this vulnerability?
> Yes. Sue, might I bother you to handle this?
Sure. How is it usually done? Sending an encrypted request to cve-assign at mitre.org <mailto:cve-assign at mitre.org> ?
What information should be included in the request?
Is there any special namedropping or reference which can be provided to speed up the process for mitre? I hear that they are quite slow these days..
My initial guess would be that it would be faster if the request came from you, since I am a “new face” to mitre.
The most important thing is that a CVE is available upon release of p9.
>> 2. When will the patch be released to the public?
> In 4.2.8p9, which will probably happen in about 3 weeks' time.
> We have other things to fix in p9 as well, and those *should* be
> finished in a week, if all goes well. Then the OS distribution folks
> like to have 2 weeks' to prepare their releases.
> Harlan Stenn <stenn at nwtime.org>
> http://networktimefoundation.org - be a member!
- Magnus Stubman
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security