[ntp:security] [scr465055] extends a fix that we did for a previous CVE

Harlan Stenn stenn at nwtime.org
Fri Feb 16 08:09:16 UTC 2018


Thanks!

How can I edit the entry?

H

On 2/15/18 11:11 AM, cve-request at mitre.org wrote:
> Thank you for contacting us. We have reorganized your message as a CVE
> ID request and provided the ID number shown below.
> 
> The information shown below simply reflects the required/expected
> fields, and is not intended to constrain anything about your later
> public disclosure.
> 
> As you can see, using the original CVE typically would be incorrect.
> 
> 
>> [Suggested description]
>> A vulnerability in NTP required an extended fix relative to the fix
>> for CVE-201x-xxxxx.
> 
>> ------------------------------------------
> 
>> [Additional Information]
>> We're about to release a new version of NTP that includes some
>> security fixes. One of these fixes extends a fix that we did for a
>> previous CVE. Should we just use the original CVE for that issue, or
>> request a new CVE?
> 
>> ------------------------------------------
> 
>> [VulnerabilityType Other]
>> unspecified
> 
>> ------------------------------------------
> 
>> [Affected Product Code Base]
>> NTP
> 
>> ------------------------------------------
> 
>> [Reference]
>> http://support.ntp.org/bin/view/Main/SecurityNotice
> 
> Use CVE-2018-7170.
> 
> 
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 699 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20180216/9b7595ec/attachment.sig>


More information about the security mailing list