[pkg-ntp-maintainers] Bug#733940: Bug#733940: ntp: CVE-2013-5211

martin f krafft madduck at debian.org
Mon Jan 27 18:35:34 UTC 2014


also sprach Kurt Roeckx <kurt at roeckx.be> [2014-01-27 18:31 +0100]:
> I'm not sure what you're suggesting.

Neither, but ignoring the problem isn't okay either, I feel. At the
very least, Debian should pressure ntp.org to release a security
upgrade for 4.2.6… and then ideally there'd be a new keyword like
noquery except that actual NTP queries would be okay, but nothing
else.

-- 
 .''`.   martin f. krafft <madduck at d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"when women love us, they forgive us everything, even our crimes;
 when they do not love us, they give us credit for nothing,
 not even our virtues."
                                                   -- honoré de balzac
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1124 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: <http://lists.alioth.debian.org/pipermail/pkg-ntp-maintainers/attachments/20140127/6b2f4089/attachment.sig>


More information about the pkg-ntp-maintainers mailing list