[Buildroot] [PATCH] ntp: security bump to version 4.2.8p1

Peter Korsgaard peter at korsgaard.com
Tue Feb 10 23:52:00 UTC 2015


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Fixes:
 > CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c,
 > leading to a potential information leak or possibly a crash

 > CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of
 > Linux), so ACLs based on IPv6 ::1 addresses can be bypassed

 > Drop a patch applied upstream, along with its accompanied AUTORECONF.

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list