[ntp:security] NTP security release VU#961909

Harlan Stenn stenn at nwtime.org
Thu Feb 22 00:25:26 UTC 2018

On 2/21/18 4:17 PM, Art Manion wrote:
> On 2/21/18 7:10 PM, Harlan Stenn wrote:
>> So I should list/track all of the security issues listed for p11 under
>> VU#961909 ?
> Yes, VU#961909 tracks all the CVE IDs which I suspect map to all of the
> security issues under p11.  Yes, a bit of a mess.


>> We have CVE numbers for all of them.
>> I didn't include them in the release as information about the bugs and
>> their fixes are generally embargoed.
>> Mitre already has the descriptions from when I opened the CVE requests,
>> and they said they'd fill out the details when we went public.
>> I'm happy to send CERT the details now, if you prefer.
> As long as they're issued and MITRE has descriptions, we're good.  I
> would suggest referencing the CVE IDs in whatever information you make
> public, such as an advisory and/or bug tracker tickets.  That's a great
> help to everyone tracking vulnerabilities.

Yes, that's what we're doing.


> Regards,
>  - Art

Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!

More information about the security mailing list