[pkg-ntp-maintainers] Bug#733940: Bug#733940: ntp: CVE-2013-5211

martin f krafft madduck at debian.org
Mon Jan 27 14:53:32 UTC 2014


also sprach Moritz Mühlenhoff <jmm at inutil.org> [2014-01-16 22:46 +0100]:
> Ok, let's ignore it. Marked as such in the Debian Security Tracker.

Please reconsider this decision. Operators of most of the public NTP
servers (pool.ntp.org *was* founded by a DD!) don't just deploy
software aside from their distro and effectively, I think that by
ignoring the problem, Debian is actively being a part of the
vastly-increasing problem of dDoS-reflection/amplification attacks.

-- 
 .''`.   martin f. krafft <madduck at d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1124 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: <http://lists.alioth.debian.org/pipermail/pkg-ntp-maintainers/attachments/20140127/3d786cf1/attachment.sig>


More information about the pkg-ntp-maintainers mailing list