[ntp:security] High severity vulnerability in ntpd-4.2.8p8
sgraves at nwtime.org
Wed Jun 29 12:37:02 UTC 2016
I'll request the CVE this morning, we should have the number in a couple of days.
Please do not use unencrypted mail for communications that include any details of this going forward until after public release.
On June 29, 2016 4:32:32 AM PDT, Harlan Stenn <stenn at nwtime.org> wrote:
>Sue should be up in a couple of hours. How about we see what she
>Sent from my iPhone - please excuse brevity and typos
>> On Jun 29, 2016, at 4:14 AM, Magnus Stubman <magnus at stubman.eu>
>>> On 29 Jun 2016, at 13:00, Harlan Stenn <stenn at nwtime.org> wrote:
>>>> On 6/29/16 3:56 AM, Magnus Stubman wrote:
>>>> I have two questions:
>>>> 1. Can you request a CVE for this vulnerability?
>>> Yes. Sue, might I bother you to handle this?
>> Sure. How is it usually done? Sending an encrypted request to
>cve-assign at mitre.org ?
>> What information should be included in the request?
>> Is there any special namedropping or reference which can be provided
>to speed up the process for mitre? I hear that they are quite slow
>> My initial guess would be that it would be faster if the request came
>from you, since I am a “new face” to mitre.
>> The most important thing is that a CVE is available upon release of
>>>> 2. When will the patch be released to the public?
>>> In 4.2.8p9, which will probably happen in about 3 weeks' time.
>>> We have other things to fix in p9 as well, and those *should* be
>>> finished in a week, if all goes well. Then the OS distribution
>>> like to have 2 weeks' to prepare their releases.
>>> Harlan Stenn <stenn at nwtime.org>
>>> http://networktimefoundation.org - be a member!
>> - Magnus Stubman
>security mailing list
>security at lists.ntp.org
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security