[ntp:security] NTP security release VU#961909

Harlan Stenn stenn at nwtime.org
Thu Feb 22 00:25:26 UTC 2018



On 2/21/18 4:17 PM, Art Manion wrote:
> On 2/21/18 7:10 PM, Harlan Stenn wrote:
> 
>> So I should list/track all of the security issues listed for p11 under
>> VU#961909 ?
> 
> Yes, VU#961909 tracks all the CVE IDs which I suspect map to all of the
> security issues under p11.  Yes, a bit of a mess.

Thanks!

>> We have CVE numbers for all of them.
>>
>> I didn't include them in the release as information about the bugs and
>> their fixes are generally embargoed.
>>
>> Mitre already has the descriptions from when I opened the CVE requests,
>> and they said they'd fill out the details when we went public.
>>
>> I'm happy to send CERT the details now, if you prefer.
> 
> As long as they're issued and MITRE has descriptions, we're good.  I
> would suggest referencing the CVE IDs in whatever information you make
> public, such as an advisory and/or bug tracker tickets.  That's a great
> help to everyone tracking vulnerabilities.

Yes, that's what we're doing.

Thanks!

> Regards,
> 
>  - Art
> 
> 

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!


More information about the security mailing list