[ntp:security] High severity vulnerability in ntpd-4.2.8p8

Sue Graves sgraves at nwtime.org
Wed Jun 29 12:37:02 UTC 2016


Hi Magnus
I'll request the CVE this morning,  we should have the number in a couple of days. 
Please do not use unencrypted mail for communications that include any details of this going forward until after public release.

Thank you,
Sue

On June 29, 2016 4:32:32 AM PDT, Harlan Stenn <stenn at nwtime.org> wrote:
>Magnus,
>
>Sue should be up in a couple of hours. How about we see what she
>recommends?
>
>Sent from my iPhone - please excuse brevity and typos
>
>> On Jun 29, 2016, at 4:14 AM, Magnus Stubman <magnus at stubman.eu>
>wrote:
>> 
>> 
>> 
>> 
>>> On 29 Jun 2016, at 13:00, Harlan Stenn <stenn at nwtime.org> wrote:
>>> 
>>>> On 6/29/16 3:56 AM, Magnus Stubman wrote:
>>>> I have two questions:
>>>> 
>>>> 1. Can you request a CVE for this vulnerability?
>>> 
>>> Yes.  Sue, might I bother you to handle this?
>> 
>> Sure. How is it usually done? Sending an encrypted request to
>cve-assign at mitre.org ?
>> What information should be included in the request?
>> 
>> Is there any special namedropping or reference which can be provided
>to speed up the process for mitre? I hear that they are quite slow
>these days..
>> 
>> My initial guess would be that it would be faster if the request came
>from you, since I am a “new face” to mitre.
>> 
>> The most important thing is that a CVE is available upon release of
>p9.
>> 
>>> 
>>>> 2. When will the patch be released to the public?
>>> 
>>> In 4.2.8p9, which will probably happen in about 3 weeks' time.
>>> 
>>> We have other things to fix in p9 as well, and those *should* be
>>> finished in a week, if all goes well.  Then the OS distribution
>folks
>>> like to have 2 weeks' to prepare their releases.
>>> 
>>> -- 
>>> Harlan Stenn <stenn at nwtime.org>
>>> http://networktimefoundation.org - be a member!
>> 
>> 
>> 
>> - Magnus Stubman
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>security mailing list
>security at lists.ntp.org
>http://lists.ntp.org/listinfo/security

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20160629/55bdc7de/attachment.html>


More information about the security mailing list