[ntp:security] Crypto-Nak of death (Question regarding April NTP Vulnerabilities - PSIRT-0241128805)

Harlan Stenn stenn at nwtime.org
Fri May 6 11:09:05 UTC 2016



If I can get a PGP key for you I can send you the patch.

I've attached the NTP daily-use security key.

We're working on a better way to open security bugs.

Am I forgetting anything?


On 5/5/16 4:09 AM, Nicolas Edet wrote:
> Hi Harlan,
> Our PSIRT group coordinates vulnerability disclosures so I'm diverting
> the question to Sasa.
> I'm aware of the security mailer but not of a public key. Googling "ntp
> security key" gives too many irrelevant results :)
> I thought security bugs should not be filed in bugzilla? Anyway I have
> created an account nicoedet-ntp at yahoo.fr in case this is useful.
> Thanks
> Nicolas
> On 05/05/2016 01:50, Harlan Stenn wrote:
>> Hi Nicolas,
>> Where did you look for how to submit security issues to NTP?
>> Brad and Sue, we may need to make sure that we advertise this better.
>> Is our security pubkey easy to find?
>> I'm looking to see if this is a re-open of an existing bug or if we need
>> a new bug report.
>> If you'd like to be the one to follow up on this in our bugzilla, I'll
>> need you to register at bugs.ntp.org.  If somebody else should be listed
>> on this bug report please let me know.
>> Thanks!

Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x0066B2FD.asc
Type: application/pgp-keys
Size: 4531 bytes
Desc: not available
URL: <http://lists.ntp.org/private/security/attachments/20160506/7c9943db/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 670 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20160506/7c9943db/attachment.sig>

More information about the security mailing list